# My computer is slowly dying



## ep2002 (Oct 31, 2006)

Actually I don't know about slowly anymore.

Note before I start. Yes this is my business computer, but I'm a very very small business. My company barely makes enough to support me & I have no money to hire someone even if I could find someone qualified which most people online are not qualified as you know. So PLEASE help me. I don't care what gets deleted, I can barely work & I end up blaming others when the issue in the end is my computer - how embarrassing.

I work 100% on my desktop, the only time I use my laptop is when I'm away out of town which is rare or for personal things. It looks like my laptop is infected too, but probably not as bad as the desktop. It's a brand new laptop too, less than a year old.

Desktop - XP Proff
laptop - 7 b/c I have no choice.

Here are my stats for the desktop - http://speccy.piriform.com/results/xOeMISiTtcD3VF08kzRVGSZ

These problems have been going on for months.

I'm a very very careful user, but I am online all the time & so who knows what is sent to me either by accident or on purpose.

At one point I thought I was hacked, but people said I wasn't. I recently got a new router & it's locked down just like the old one was when I learned how to do it.

If I listed every problem we'd be here all day.

I'll go thru the strangest of them:

1. Screensaver & lockdown (p/w required to get onto the computer) works intermittently. Same issue with the laptop.

2. I only use Firefox (Fx) & Thunderbird (TB). I also use Last Pass (LP). While LP isn't 100% the greatest piece of software, I have yet to find anyone who has the problems I have. It has to be something with the computer that is causing this.

a) sometimes the site doesn't remember the login or inserts the wrong info. Those are even my Word Press (WP) blogs. I know LP doesn't work well with poorly coded sites, but for WP, it should be no problem.
b) my Fx crashes all the time now. Ever since 6 or 7.0 I think. It won't stop crashing, sometimes 2 or more times a day. It's nuts. Different sites so it's not any one particular site.
c) in July suddenly the the site for my hosting company (HD, the ticket site, not the CPanel) became HUGE (fonts, graphics) on my screen. This wasn't happening with any other site & they claim they didn't change anything & it didn't look like that as I sent them a SS.
d) ever since I upgraded from Fx 5, whenever Fx restores previous pages or crashes & restores, some of the pages don't have the URL in the address bar. It's just missing. It's gotten slightly better, but it never happened before.
d) When I forward an e-mail from my sent & maybe other folders within TB, it doesn't forward using the default e-mail account or the e-mail that it was using before. No one has been able to solve this problem.
e) lots of problems with TB.

i) Folders being created (not by me) with a string of numbers/letters. 
ii) Can't delete a folder I want to. 
iii) Mail missing from folders I need.
iv) sometimes I go into a specific account & when I click on "write" it doesn't use the account's e-mail addy, it uses the default one.
v) I keep getting this script error. It's also intermittent. I thought it was one of the add-ons, but even after I uninstalled that add-on it started happening again.
vi) ever since the time change last month I've been having problems with the e-mail time in TB. At first it was hard to get the computer to manually set to the time I wanted it set to. I think I had daylight savings time set & where I am not there is no daylight savings time, so that screwed up the time. I finally got it to stick on the computer, but ever since then, any mail that comes in shows 1 hour behind the actual time it came in.

I just tested it after unchecking the synch checkmark & I got the current time, but that was ONLY when I sent mail to myself from 2 different gmail accounts (one from the desktop, one from the laptop) When mail from others came thru, again, 1 hour behind.
vii) the laptop has had a time issue as well. It keeps showing 1 hour behind no matter how many times I set it. I've now taking off the synchronization checkmark to see if that helps (someone recommended that)
viii) back in June e-mail that I normally always got from my gateway stopped coming through. HD claimed it was coming into my TB, yet I wasn't getting it. Eventually that problem stopped, but boy was that scary.

3. Starting back in Dec./Jan. of this year, I switched hosting companies & was introduced to CPanel. I used the Spam Assasin (SA) religiously wasting a lot of time b/c every few weeks all the entries I submitted would disappear.

After wasting more time dealing with host dime (the hosting company), they blamed it on my computer saying it was deleting the entries. Yes I had ghosts.

After someone helped to logically think things thru & he actually saw it happen while he was in my computer remotely, he figured out it was a conflict between Fx & SA & the timeout or reboot function.

What I don't understand is why it wasn't reported online. I can't be the ONLY person using Fx with SA. When I switched to Chrome just to use the Cpanel, the problem stopped, but I eventually stopped using SA b/c it was a waste of time blocking good mail that I put on the white list.

My point is, I still think it had something to do with my computer.

4. Files keep disappearing from my computer. I know they were there, just gone & this must have happened a while ago b/c I have everything backed up through Crash Plan & I couldn't find them there either.

5. Shortcuts in the start menu disappeared. All but Fx & TB.

6. Junk files in the The Car folder. Can't delete them, warning says some are part of the system file. AlbumArt_{0A0B70F4-AA3C-48FF-B440-70925C53A4A0}_Large.jpg - this file has music in it. I don't save or keep art.

7. On my E drive (used for e-mails & other backup type stuff) this folder is there. I didn't create it. fe19a24640db537895a48aa9e4d1fd

8. Same here, not sure what this is  SMRTNTKY

9. When I tried to listen to VM greetings from RC & my extension 100, they wouldnt play on Windows Media Player. It kept telling me it didnt recognize the file type even though its an mp3 file. Default intro greeting & default VM greeting

10. In my router had 2 ports opened called RC1 & RC2 ports 5060 to 5090 & 8000 to 8200 (This isnt a problem that needs to be fixed, but its very suspicious, as I have no idea why this was there) I deleted them while on the phone with Linksys.

11. 12-18-11 - Speakers wont play on the computer. Speakers are fine as they played in the cell phone, drivers are there as someone walked me thru confirming that, nothing will play. : (

12. I use Track Changes in Word religiously. I recently hired a new biz consultant who isnt tech savvy & he changed the font to some weird font. On my computer it shows up as ALL CAPS, but on his it has both lower & upper case. I forwarded it to someone else also using Word 2003, & they see what he sees. I sent it to my laptop, although it looks blotchy & faint, I can see the lower case.

So as you can see, really strange things.

I'll paste the log files below.

Thank you. I hope some sharp cookie can help 

Michelle


----------



## ep2002 (Oct 31, 2006)

I didn't DL the beta version...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:32:37 PM, on 12/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
D:\Notes\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
D:\Notes\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Notes\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Speccy\Speccy.exe
C:\WINDOWS\System32\vssvc.exe
D:\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\ChitChat Toolbar\tbhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChitChat Toolbar\tbcore3.dll
O3 - Toolbar: ChitChat Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [rmtemp] cmd /c c:\dostools\rmtemp.bat
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Notes\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Chit Chat for Facebook] C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - 
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Avira Upgrade Service (AviraUpgradeService) - Unknown owner - C:\WINDOWS\TEMP\AVSETUP_4eac0d84\avupgsvc.exe (file missing)
O23 - Service: Bomgar Support Customer Client [1291058205] (bomgar-scc-1291058205) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4CF3FC1D\bomgar-scc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files\CrashPlan\CrashPlanService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Notes\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Notes\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13208 bytes


----------



## ep2002 (Oct 31, 2006)

Re: HJT, programs that are on my computer by choice in case you are wondering:

1. personal assistant
2. Chat Chat for FB


Michelle


----------



## ep2002 (Oct 31, 2006)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Michelle at 19:37:30 on 2011-12-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1131 [GMT -6:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
D:\Notes\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
D:\Notes\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Notes\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Speccy\Speccy.exe
C:\WINDOWS\System32\vssvc.exe
D:\Downloads\HijackThis.exe
C:\WINDOWS\system32\mspaint.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\chitchat toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\chitchat toolbar\tbcore3.dll
TB: ChitChat Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\chitchat toolbar\tbcore3.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Personal Assistant] c:\program files\shelltoys\personal assistant\assistant.exe
uRun: [Google Update] "c:\documents and settings\michelle\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RCUI] "c:\program files\ringcentral\ringcentral call controller\RCUI.exe"
uRun: [RCHotKey] "c:\program files\ringcentral\ringcentral call controller\RCHotKey.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Chit Chat for Facebook] c:\program files\chit chat for facebook\CCFFacebook.exe
mRun: [rmtemp] cmd /c c:\dostools\rmtemp.bat
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "d:\notes\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
Trusted Zone: exoticpublishing.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxp://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: DhcpNameServer = 200.75.200.3 200.75.200.2
TCP: Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3} : DhcpNameServer = 200.75.200.3 200.75.200.2
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michelle\application data\mozilla\firefox\profiles\vc1po946.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice...p://www.odesk.com|http://66.7.214.224/cpanel/
FF - prefs.js: network.proxy.http - http://proxy.uconn.edu:3000/proxy.pac
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\michelle\application data\mozilla\firefox\profiles\vc1po946.default\extensions\[email protected]\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\documents and settings\michelle\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\michelle\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\michelle\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\michelle\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInst11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-29 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-29 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-29 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-29 74640]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2011-6-29 152576]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\notes\logmein\x86\LMIGuardianSvc.exe [2010-9-16 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\notes\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-24 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-27 366152]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-2-22 245760]
R3 cpuz135;cpuz135;\??\c:\docume~1\michelle\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\michelle\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-27 22216]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-7-25 49208]
R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\temp\avsetup_4eac0d84\avupgsvc.exe" /tempstart:""c:\windows\temp\avsetup_4eac0d84\setup.exe" /notempcleanup /crossupgrade" --> c:\windows\temp\avsetup_4eac0d84\avupgsvc.exe [?]
S2 bomgar-scc-1291058205;Bomgar Support Customer Client [1291058205];"c:\documents and settings\all users\application data\bomgar-scc-4cf3fc1d\bomgar-scc.exe" -service:run --> c:\documents and settings\all users\application data\bomgar-scc-4cf3fc1d\bomgar-scc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-15 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2011-2-22 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2011-2-22 11520]
S3 cpuz129;cpuz129;\??\c:\docume~1\michelle\locals~1\temp\cpuz_x32.sys --> c:\docume~1\michelle\locals~1\temp\cpuz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-15 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-10 27064]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-12-11 19:39:48	--------	dc----w-	c:\documents and settings\michelle\application data\Domain Name Analyzer v4.1
2011-12-11 19:39:40	--------	dc----w-	c:\program files\Softnik Technologies
2011-12-10 15:38:09	--------	d-sh--w-	C:\found.001
2011-12-09 04:28:11	--------	dc----w-	C:\EVENTDB
2011-12-09 04:28:01	--------	dc----w-	C:\REPORTS
2011-12-09 04:28:01	--------	dc----w-	C:\LOGFILES
2011-12-09 04:28:01	--------	dc----w-	C:\INFECTED
2011-12-09 01:39:48	--------	dc----w-	c:\program files\OverDrive Media Console
2011-12-05 23:43:04	--------	dc----w-	c:\program files\Cisco Systems
2011-12-05 23:13:32	--------	dc----w-	c:\documents and settings\all users\application data\Cisco Systems
2011-11-25 02:38:28	--------	dc----w-	c:\program files\Chit Chat For Facebook
2011-11-25 02:38:28	--------	dc----w-	c:\documents and settings\all users\application data\Chit Chat For Facebook
.
==================== Find3M ====================
.
2011-12-15 19:24:26	83360	-c--a-w-	c:\windows\system32\LMIRfsClientNP.dll
2011-12-15 19:24:25	52096	-c--a-w-	c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-12-15 19:24:24	87424	-c--a-w-	c:\windows\system32\LMIinit.dll
2011-12-15 19:24:24	30592	-c--a-w-	c:\windows\system32\LMIport.dll
2011-11-23 13:25:32	1859584	-c--a-w-	c:\windows\system32\win32k.sys
2011-11-15 01:21:32	414368	-c--a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 16:52:52	4734	-c--a-w-	c:\windows\system32\PerfStringBackup.TMP
2011-11-04 19:20:51	916992	-c--a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:20:51	43520	-c--a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51	1469440	-c----w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59	385024	-c--a-w-	c:\windows\system32\html.iec
2011-11-01 16:07:10	1288704	-c--a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31:48	33280	-c--a-w-	c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08	2148864	-c----w-	c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02	2027008	-c----w-	c:\windows\system32\ntkrnlpa.exe
2011-10-19 21:56:50	74640	-c--a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-19 21:56:50	36000	-c--a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-18 11:13:22	186880	-c--a-w-	c:\windows\system32\encdec.dll
2011-10-10 14:22:41	692736	-c--a-w-	c:\windows\system32\inetcomm.dll
2011-10-07 14:37:30	83360	-c--a-w-	c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-10-07 14:37:27	87424	-c--a-w-	c:\windows\system32\LMIinit.dll.000.bak
2011-10-03 11:06:03	472808	-c--a-w-	c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52	73728	-c--a-w-	c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50	599040	-c--a-w-	c:\windows\system32\crypt32.dll
2011-09-26 16:41:20	611328	-c--a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20	220160	-c--a-w-	c:\windows\system32\oleacc.dll
2011-09-26 16:41:14	20480	-c--a-w-	c:\windows\system32\oleaccrc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR 
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys 
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B120AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000072[0x8B121AC0]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000071[0x8B120030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!! 
.
============= FINISH: 19:38:24.71 ===============


----------



## ep2002 (Oct 31, 2006)

Here is the attach file


----------



## ep2002 (Oct 31, 2006)

Ok, first the GMER software hung the computer so I had to reboot.

The 2nd time it worked, BUT it took around 1.5 hours give or take, to run thru C drive. Is that normal?

Thanks everyone & have a lovely night 

Michelle

----------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-21 21:59:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000073 ST3500418AS rev.CC38
Running: 8f0c5e3u.exe; Driver: C:\DOCUME~1\Michelle\LOCALS~1\Temp\awndyfow.sys

---- System - GMER 1.0.15 ----

SSDT BA7EE8B4 ZwClose
SSDT BA7EE86E ZwCreateKey
SSDT BA7EE8BE ZwCreateSection
SSDT BA7EE864 ZwCreateThread
SSDT BA7EE873 ZwDeleteKey
SSDT BA7EE87D ZwDeleteValueKey
SSDT BA7EE8AF ZwDuplicateObject
SSDT BA7EE882 ZwLoadKey
SSDT BA7EE850 ZwOpenProcess
SSDT BA7EE855 ZwOpenThread
SSDT BA7EE8D7 ZwQueryValueKey
SSDT BA7EE88C ZwReplaceKey
SSDT BA7EE8C8 ZwRequestWaitReplyPort
SSDT BA7EE887 ZwRestoreKey
SSDT BA7EE8C3 ZwSetContextThread
SSDT BA7EE8CD ZwSetSecurityObject
SSDT BA7EE878 ZwSetValueKey
SSDT BA7EE8D2 ZwSystemDebugControl
SSDT BA7EE85F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C48 805044E4 4 Bytes CALL D1CEFF67 
.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 4 Bytes [6E, E8, 7E, BA]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 4 Bytes CALL D09EFFCB 
.text ntkrnlpa.exe!ZwCallbackReturn + 2CB8  80504554 4 Bytes CALL EFBEFFD7 
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes CALL D2DAFFFF 
.text ... 
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB85B6000, 0x1C5DC8, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0040142F C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


----------



## ep2002 (Oct 31, 2006)

Ok, update...

Someone who is a software person more than a hardware person came over today to install the new video card.

It wouldn't work  I got those 3 beeps that were causing problems a month or two ago.

He took out the stupid wireless card that never worked, so that's good, but I just paid $50 for that video card & it won't work in my computer (HELP).

He thinks it's the MB <sigh> I can't afford a new MB right now & I don't even have anyone I can trust to put it in even if I could afford it.

He tried to redo the drivers for the sound card (realteck), but that didn't solve the speaker issue.

Oh gawd, I'm really getting scared now. We almost couldn't get the computer back once he put the old video card back in. I had to pray to my baby that she stay with me.

Michelle


----------



## ep2002 (Oct 31, 2006)

I know it's the holidays so I'm waiting patiently. 

Pls. help.

The speakers are suddenly working thank gawd.

Everything else is the same.

Thank you

Michelle


----------



## eddie5659 (Mar 19, 2001)

Hiya

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log *in your next reply

eddie


----------



## ep2002 (Oct 31, 2006)

Umm, I already have the paid version of MBAM on my computer, so I'm not sure why you awnat to me to add it again.

As for Super Anti spyware, I had the paid version for the longest time & it recently experienced. I was told not to h ave both on my computer, so I am not renewing it.



Michelle


----------



## eddie5659 (Mar 19, 2001)

Okay, as you have the paid version of MBAM, can you update it and run a full system scan 

Also, can you do the following:

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## ep2002 (Oct 31, 2006)

Hi,

Not sure what happened, but no "extra" notepad opened, so all I have is the other one.

OTL logfile created on: 1/1/2012 7:10:40 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 75.65% Memory free
6.34 Gb Paging File | 5.35 Gb Available in Paging File | 84.35% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 114.70 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 130.83 Gb Free Space | 91.60% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 147.80 Gb Free Space | 84.36% Space Free | Partition Type: NTFS

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/01 18:50:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL(1).exe
PRC - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\ramaint.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/21 23:33:42 | 003,788,288 | ---- | M] (Athena IT Limited) -- C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
PRC - [2011/11/14 16:24:33 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/06/29 03:21:40 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/27 17:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/03/18 09:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/14 16:24:35 | 001,988,760 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2011/11/14 16:24:35 | 000,161,944 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011/11/14 16:24:35 | 000,021,656 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/15 15:23:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2010/02/16 12:57:38 | 000,301,568 | ---- | M] () -- C:\Program Files\ChitChat Toolbar\tbhelper.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [1291058205] [Auto | Stopped] -- -- (bomgar-scc-1291058205)
SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 09:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/25 02:56:58 | 000,049,208 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2009/03/04 01:49:58 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/11/30 20:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\ChitChat Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 14:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/03 22:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/16 23:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/30 02:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2011/08/24 19:36:44 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/17 10:25:22 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/09/05 11:16:07 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2011/10/20 21:52:19 | 000,000,000 | ---D | M] (PRFrame) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{67119310-420c-11df-9879-0800200c9a66}
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2011/10/04 01:33:43 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/01/12 22:30:07 | 000,000,000 | ---D | M] (Area deCoder) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/09/11 17:43:40 | 000,000,000 | ---D | M] (NewsBasis) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/01/12 22:30:07 | 000,000,000 | ---D | M] ("Show Parent Folder") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/11/17 22:45:06 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/11/25 20:38:03 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/11/10 20:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 20:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{3474C305-9DAD-11D8-9207-00055D74C2E4}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2011/11/09 14:28:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 10:01:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 14:28:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.9_0\nplastpass.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2010/11/19 00:50:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [rmtemp] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Chit Chat for Facebook] C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe (Athena IT Limited)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKCU..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 15:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/12/11 13:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2011/12/11 13:39:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Softnik Technologies
[2011/12/11 13:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Softnik Technologies
[2011/12/10 09:38:09 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/12/08 22:28:11 | 000,000,000 | ---D | C] -- C:\EVENTDB
[2011/12/08 22:28:01 | 000,000,000 | ---D | C] -- C:\REPORTS
[2011/12/08 22:28:01 | 000,000,000 | ---D | C] -- C:\LOGFILES
[2011/12/08 22:28:01 | 000,000,000 | ---D | C] -- C:\INFECTED
[2011/12/08 19:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OverDrive Media Console
[2011/12/08 19:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\OverDrive Media Console
[2011/12/05 17:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/12/05 17:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/01 19:22:14 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/01/01 19:22:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/01/01 18:51:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 18:51:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 01:22:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2011/12/31 02:33:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/12/30 11:14:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 11:13:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 11:52:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/21 02:30:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/21 02:27:17 | 000,741,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/20 22:10:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/16 11:52:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/12/15 13:24:24 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/12/15 13:24:24 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/12/11 13:39:41 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\Domain Name Analyzer v4.lnk
[2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/12/08 19:39:51 | 000,001,888 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/12/11 13:39:41 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\Domain Name Analyzer v4.lnk
[2011/12/08 19:39:51 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[2011/12/05 17:43:13 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Connect.lnk
[2011/11/10 16:51:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ccff.isl
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/09/25 19:43:50 | 000,364,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 10:12:21 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/07/28 12:48:27 | 000,112,922 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/07/28 12:48:27 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/06/15 15:00:33 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2009/12/25 09:24:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\AEBFONT.INI
[2009/12/11 21:55:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/30 01:11:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/11/24 23:23:36 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/11/20 01:07:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/20 01:07:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/20 01:07:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/20 01:07:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/20 01:07:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/20 22:00:02 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/10/20 22:00:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/10/20 21:59:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/05/17 16:27:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/03 22:58:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/03/03 22:58:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 12:55:36 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/22 23:23:45 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp1ml3.dll
[2008/08/03 22:38:23 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/25 14:36:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Acrobat.dll
[2008/07/24 14:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/07/24 01:43:18 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/07/24 01:16:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/07/24 01:06:45 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2008/07/24 01:05:15 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2008/07/24 01:04:55 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2008/07/24 01:04:46 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2008/07/24 01:04:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2008/07/24 00:53:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2008/07/24 00:53:47 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2008/07/24 00:53:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/07/24 00:45:02 | 000,001,191 | ---- | C] () -- C:\WINDOWS\WTAPI.INI
[2008/07/24 00:41:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\hpu.dll
[2008/07/23 22:52:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/23 21:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/23 21:16:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/07/23 20:40:47 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/07/23 20:33:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/23 20:29:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/23 16:03:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/23 16:02:01 | 000,741,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,436,002 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,068,706 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/11 09:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 13:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/08/31 08:40:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\vbcrc.dll

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/12/30 13:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/01 11:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/08/01 02:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/10/27 04:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2011/12/11 16:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2011/09/06 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2010/08/01 02:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2011/09/06 17:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2011/11/10 16:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Toolbar4
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/08/04 02:57:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2011/12/31 02:33:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2010/08/04 02:57:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\soundtapShakeIcon.job
[2010/07/31 23:56:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2012/01/01 19:22:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2010/08/04 02:56:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========

< End of report >

As for MBAM, there seems to be a problem with it, so I have to see if support got back to me on what to do.

It should already be up-to-date, it's on automatic.

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

They had me uninstall & reinstall & now my key isn't working. I have to wait until Tues. to get an answer from that other company if somehow the key changed.

Here's the log...

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michelle :: EXOTIC-3C629299 [administrator]

Protection: Enabled

1/1/2012 11:30:06 PM
mbam-log-2012-01-01 (23-30-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345987
Time elapsed: 1 hour(s), 35 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)


----------



## eddie5659 (Mar 19, 2001)

For the Extra's log for OTL, is it not in the same place where OTL is run from, ie D:\Downloads?

If not, its okay, as we'll run a different tool to get that part 

Do you know what these are? If you do, that's okay:

*C:\WINDOWS\Tasks\expressripShakeIcon.job
C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
C:\WINDOWS\Tasks\soundtapShakeIcon.job
C:\WINDOWS\Tasks\switchShakeIcon.job
C:\WINDOWS\Tasks\wavepadShakeIcon.job*

--------

Update Java as its out of date:

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Now, go *here* and download the latest Java Version.

-----

Can you do this for me next:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Program Files\ChitChat Toolbar\tbcore3.dll
C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
C:\WINDOWS\System32\drivers\WLNdis50.sys
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{338B4DFE-2E2C-4338-9E41-E176D497299E} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF25C291-E91C-11D3-873F-0000B4A2973D} /sub
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

-------

Then, can you run this tool:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## ep2002 (Oct 31, 2006)

No, the only "extras" I found was from March. It's an old file. I'm going to delete it actually so there's no future confusion.

No clue what these are??? Are they on my computer?

C:\WINDOWS\Tasks\expressripShakeIcon.job
C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
C:\WINDOWS\Tasks\soundtapShakeIcon.job
C:\WINDOWS\Tasks\switchShakeIcon.job
C:\WINDOWS\Tasks\wavepadShakeIcon.job

==================
Ok, here's the log file for the removal of Java

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 02 13:43:20 2012

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_17

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_19

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_22

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_24

Found and removed: C:\Documents and Settings\Michelle\Application Data\Sun\Java\jre1.6.0_26

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jan 02 13:43:54 2012

------------------------------------

Finished reporting.

------------------System Look notepad--------------------
SystemLook 30.07.11 by jpshortstuff
Log created at 13:47 on 02/01/2012 by Michelle
Administrator - Elevation successful

========== file ==========

C:\Program Files\ChitChat Toolbar\tbcore3.dll - File found and opened.
MD5: C68C3397B0339DF5F0B36FAE64B38942
Created at 03:44 on 23/06/2011
Modified at 03:44 on 23/06/2011
Size: 2398720 bytes
Attributes: -----c-
FileDescription: IE Toolbar Engine
FileVersion: 4, 2, 0, 7
ProductVersion: 4, 2, 0, 7
OriginalFilename: tbcore3U.dll
InternalName: tbcore3U
ProductName: IE Toolbar
LegalCopyright: Copyright © 2001-2010. All rights reserved.

C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe - File found and opened.
MD5: 67A77933DF3C81047E905972AF990534
Created at 02:38 on 25/11/2011
Modified at 05:33 on 22/11/2011
Size: 3788288 bytes
Attributes: --a--c-
FileDescription: Chit Chat for Facebook
FileVersion: 1.4.5.4
ProductVersion: 1.4.5.4
OriginalFilename: 
InternalName: 
ProductName: 
CompanyName: Athena IT Limited
LegalCopyright: Copyright 2011
Comments:

C:\WINDOWS\System32\drivers\WLNdis50.sys - File found and opened.
MD5: BB2C5A7A555B387B85481B8BDE5370D7
Created at 18:19 on 06/05/2011
Modified at 15:54 on 27/02/2008
Size: 20480 bytes
Attributes: --a--c-
FileDescription: WLAN NDIS 5.0 User Mode Control Driver
FileVersion: 1.0.0.50
ProductVersion: 1.0.0.50
OriginalFilename: WLNDIS50.SYS
InternalName: WLNDIS50.SYS
ProductName: Windows (R) DDK driver
CompanyName: 
LegalCopyright: Copyright (C)
Comments:

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
@="SMTTB2009"
"NoExplorer"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{338B4DFE-2E2C-4338-9E41-E176D497299E}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF25C291-E91C-11D3-873F-0000B4A2973D}]
"SystemComponent"= 0x0000000000 (0)
"Installer"="MSICD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF25C291-E91C-11D3-873F-0000B4A2973D}\Contains]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF25C291-E91C-11D3-873F-0000B4A2973D}\Contains\Files]
"C:\WINDOWS\system32\RCMedia.dll"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF25C291-E91C-11D3-873F-0000B4A2973D}\DownloadInformation]
"CODEBASE"="http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab"
"INF"="C:\WINDOWS\Downloaded Program Files\RCMedia.inf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF25C291-E91C-11D3-873F-0000B4A2973D}\InstalledVersion]
@="1,4,0,31"
"LastModified"="Thu, 19 Aug 2010 08:58:15 GMT"

-= EOF =-

-----------------------------ComboFix

Why do you have to rename it?

Also it didn't ask me if I wanted to continue or give me any prompts, it just copied the secure point (I hope) & then started fixing.

Thank you

Ok, CF did stuff to the computer while I stepped away. It shut down Fx & I lost Yahoo & my ring central, thank gawd everything came back online when I clicked on it. I thought I lost my Internet & everything I had written in this post up until now.

Here's the log

ComboFix 12-01-02.01 - Michelle 01/02/2012 14:10:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1446 [GMT -6:00]
Running from: d:\downloads\Username123.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michelle\231.97]
c:\documents and settings\Michelle\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\Michelle\Application Data\Toolbar4
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\affid.dat
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\basis.xml
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\13b7a417232703c4b27b193fba6e2cde
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\3b194b7303d1532b1f5d39dea9b3ec11
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\44567846e0387d6a62062ab4dbf9ae96
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\52b66d6979ef2abcea9a736d1b4dbc82
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\5d25dd004ed9512e16e1d76d6deb2a6c
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\622bce39c48e19cebc684ad479f30525
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\6edbc2eba99f3ac95a3e57b92dbd9418
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\89c35566d3dfdce78572ff8c2a627ad2
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\92cca852350b3e48532151afdadcc5c5
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9840cd5f73490a37d4f3e47107ced675
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9e43b23ad10de3e0eceb370efafb39ef
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\acfc834035dccfb94e7f9067f5d48a83
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\b801583e8861fc45946de3f28fe5bb04
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bdcf0ed363b85538f740c9b718bf611c
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c594d37e13c887da6ddc9975fa9aae82
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c81d0870792eee856f1fa6c4f43ceeee
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\db97ecdde59727f50132d25b008ece4e
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\dcd16c0f4842bc19d648b261e3cf263d
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\icons.bmp
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\24c38a4b7ed33b16baefa8b8e3daf9f0
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\e31285dc114a51462284ab6f06d92dd8
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\fad0bb3b6dde19a843f661b9bec8e194
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\info.txt
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\install.ico
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbback.bmp
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbbigopen.bmp
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbclose.bmp
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbfwd.bmp
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbsep.bmp
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\nav1c.bmp
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\tbcore3.inf
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\TbHelper2.exe
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe
c:\documents and settings\Michelle\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\version.txt
c:\documents and settings\Michelle\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Michelle\g2mdlhlpx.exe
c:\documents and settings\Michelle\WINDOWS
c:\program files\ChitChat Toolbar\tbHElper.dll
c:\windows\system32\Acrobat.dll
c:\windows\system32\IME\svchost.exe
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET88.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 19:46 . 2011-11-10 11:54	476904	-c--a-w-	c:\program files\Mozilla Firefox\plugins\REN204.tmp
2012-01-02 05:25 . 2012-01-02 05:25	--------	dc----w-	c:\documents and settings\Michelle\Application Data\Malwarebytes
2012-01-02 05:25 . 2012-01-02 05:25	--------	dc----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-02 05:25 . 2012-01-02 05:25	--------	dc----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-02 05:25 . 2011-12-10 21:24	20464	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-22 21:26 . 2006-08-02 05:02	49152	-c--a-w-	c:\windows\system32\ChCfg.exe
2011-12-22 21:25 . 2006-05-17 08:04	2879488	-c--a-w-	c:\windows\SkyTel.exe
2011-12-22 21:25 . 2011-12-22 21:25	--------	dc----w-	c:\program files\Realtek
2011-12-22 21:25 . 2006-09-13 04:34	499712	-c--a-w-	c:\windows\RtlExUpd.dll
2011-12-22 21:25 . 2006-02-07 21:45	757760	-c--a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-12-22 21:25 . 2006-02-07 21:40	204800	-c--a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-12-22 21:25 . 2006-02-07 21:40	69715	-c--a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-12-22 21:25 . 2006-02-07 21:40	274432	-c--a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-12-22 21:25 . 2005-11-14 05:19	5632	-c--a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-12-22 21:25 . 2011-12-22 21:25	331908	-c--a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-12-22 21:25 . 2011-12-22 21:25	200836	-c--a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-12-11 19:39 . 2011-12-11 22:57	--------	dc----w-	c:\documents and settings\Michelle\Application Data\Domain Name Analyzer v4.1
2011-12-11 19:39 . 2011-12-11 19:39	--------	dc----w-	c:\program files\Softnik Technologies
2011-12-10 15:38 . 2011-12-10 15:38	--------	d-----w-	C:\found.001
2011-12-09 04:28 . 2011-12-10 04:01	--------	dc----w-	C:\EVENTDB
2011-12-09 04:28 . 2011-12-09 10:59	--------	dc----w-	C:\LOGFILES
2011-12-09 04:28 . 2011-12-09 05:55	--------	dc----w-	C:\REPORTS
2011-12-09 04:28 . 2011-12-09 05:55	--------	dc----w-	C:\INFECTED
2011-12-09 01:39 . 2011-12-09 01:39	--------	dc----w-	c:\program files\OverDrive Media Console
2011-12-05 23:43 . 2011-12-05 23:43	--------	dc----w-	c:\program files\Cisco Systems
2011-12-05 23:13 . 2011-12-05 23:13	--------	dc----w-	c:\documents and settings\All Users\Application Data\Cisco Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 19:24 . 2010-09-24 07:11	83360	-c--a-w-	c:\windows\system32\LMIRfsClientNP.dll
2011-12-15 19:24 . 2010-09-24 07:11	52096	-c--a-w-	c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-15 19:24 . 2010-09-24 07:11	30592	-c--a-w-	c:\windows\system32\LMIport.dll
2011-12-15 19:24 . 2010-09-24 07:11	87424	-c--a-w-	c:\windows\system32\LMIinit.dll
2011-12-09 10:58 . 2011-10-29 15:05	134856	-c--a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-23 13:25 . 2006-02-28 12:00	1859584	-c--a-w-	c:\windows\system32\win32k.sys
2011-11-15 01:21 . 2011-05-26 16:10	414368	-c--a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 11:54 . 2010-11-19 07:32	472808	-c--a-w-	c:\windows\system32\deployJava1.dll
2011-11-10 09:27 . 2008-10-06 07:12	73728	-c--a-w-	c:\windows\system32\javacpl.cpl
2011-11-07 16:52 . 2011-11-07 16:52	4734	-c--a-w-	c:\windows\system32\PerfStringBackup.TMP
2011-11-04 19:20 . 2006-02-28 12:00	916992	-c--a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00	43520	-c--a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00	1469440	-c----w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00	385024	-c--a-w-	c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00	1288704	-c--a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00	33280	-c--a-w-	c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 12:00	2148864	-c----w-	c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59	2027008	-c----w-	c:\windows\system32\ntkrnlpa.exe
2011-10-19 21:56 . 2011-10-29 15:05	74640	-c--a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-19 21:56 . 2011-10-29 15:05	36000	-c--a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-18 11:13 . 2006-02-28 12:00	186880	-c--a-w-	c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-07-24 02:29	692736	-c--a-w-	c:\windows\system32\inetcomm.dll
2011-10-07 14:37 . 2010-09-24 07:11	83360	-c--a-w-	c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-10-07 14:37 . 2010-09-24 07:11	87424	-c--a-w-	c:\windows\system32\LMIinit.dll.000.bak
2011-11-09 20:28 . 2011-06-25 00:57	134104	-c--a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[7] 2006-02-28 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-02-28 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-11-19_06.50.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 03:51 . 2011-04-19 03:51	51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_fda75712\vcomp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90kor.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	43840 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90jpn.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	56128 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90ita.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	57168 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90fra.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	56128 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90esp.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	56144 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90esn.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	51024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90enu.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	57664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90deu.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	38736 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90cht.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	38224 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_22d7157b\mfc90chs.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2009-07-12 03:54 . 2009-07-12 03:54	59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_b256a1bb\mfcm90u.dll
+ 2009-07-12 03:54 . 2009-07-12 03:54	59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_b256a1bb\mfcm90.dll
+ 2011-05-14 01:17 . 2011-05-14 01:17	65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920\vcomp.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-14 00:45 . 2011-05-14 00:45	40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 06:06 . 2011-05-14 06:06	57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 06:23 . 2011-05-14 06:23	69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 23:37 . 2011-05-13 23:37	97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2011-04-14 05:12 . 2011-04-14 05:12	82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
- 2010-07-28 18:51 . 2010-07-28 18:51	82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2009-08-20 02:51 . 2009-08-20 02:51	73728 c:\windows\twain_32\BrSc09c\Common\BrStiIf.dll
+ 2008-07-09 04:16 . 2008-07-09 04:16	81920 c:\windows\twain_32\BrSc09c\Common\BrScnFlt.dll
+ 2009-08-20 02:51 . 2009-08-20 02:51	90112 c:\windows\twain_32\BrSc09c\Common\BrScnDev.dll
+ 2012-01-02 05:14 . 2012-01-02 05:14	16384 c:\windows\TEMP\Perflib_Perfdata_9fc.dat
+ 2012-01-02 19:46 . 2012-01-02 19:46	16384 c:\windows\TEMP\Perflib_Perfdata_1e3c.dat
+ 2011-06-11 06:58 . 2011-06-11 06:58	51024 c:\windows\system32\vcomp100.dll
+ 2011-05-28 23:08 . 1998-06-18 05:00	89360 c:\windows\system32\VB5DB.DLL
+ 2008-07-24 05:57 . 2011-11-08 13:46	46080 c:\windows\system32\tzchange.exe
- 2008-07-24 05:57 . 2010-06-21 14:46	46080 c:\windows\system32\tzchange.exe
+ 2011-09-06 22:57 . 2011-03-21 16:15	79168 c:\windows\system32\spool\drivers\w32x86\NitroUI.dll
+ 2011-09-06 22:57 . 2011-03-21 16:15	42304 c:\windows\system32\spool\drivers\w32x86\NitroGraphics.dll
+ 2010-09-24 07:11 . 2011-12-15 19:24	55168 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2010-09-24 07:11 . 2011-12-15 19:24	55168 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2010-09-24 07:11 . 2011-12-15 19:24	43392 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	53760 c:\windows\system32\spool\drivers\w32x86\brothermfc_j615w89be\bril10b.dll
+ 2010-07-10 00:22 . 2010-10-11 21:39	52992 c:\windows\system32\spool\drivers\w32x86\3\RCPrnDrv.DLL
+ 2010-07-10 00:22 . 2010-10-11 21:39	33024 c:\windows\system32\spool\drivers\w32x86\3\RCLog.DLL
+ 2011-09-06 22:57 . 2011-03-21 16:15	79168 c:\windows\system32\spool\drivers\w32x86\3\NitroUI.dll
+ 2011-09-06 22:57 . 2011-03-21 16:15	42304 c:\windows\system32\spool\drivers\w32x86\3\NitroGraphics.dll
+ 2010-09-24 07:11 . 2011-12-15 19:24	55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2010-09-24 07:11 . 2011-12-15 19:24	55168 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2010-09-24 07:11 . 2011-12-15 19:24	43392 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	53760 c:\windows\system32\spool\drivers\w32x86\3\bril10b.dll
+ 2010-07-10 00:22 . 2010-10-11 21:39	52992 c:\windows\system32\spool\drivers\w32x86\1\RCPrnDrv.DLL
+ 2010-07-10 00:22 . 2010-10-11 21:39	33024 c:\windows\system32\spool\drivers\w32x86\1\RCLog.DLL
+ 2011-12-22 21:25 . 2005-09-21 14:24	86016 c:\windows\system32\ReinstallBackups\0006\DriverFiles\SOUNDMAN.EXE
+ 2011-12-22 21:25 . 2008-04-14 00:12	23552 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv
+ 2011-12-22 21:25 . 2008-04-13 18:45	49408 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\stream.sys
+ 2011-12-22 21:25 . 2008-04-13 18:45	60160 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\drmk.sys
+ 2011-12-22 21:26 . 2005-05-03 22:43	69632 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCMTR.EXE
+ 2007-02-08 05:40 . 2007-02-08 05:40	64512 c:\windows\system32\ptpitcp.dll
+ 2006-02-28 12:00 . 2011-11-07 16:52	68706 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-09-26 16:41	20480 c:\windows\system32\oleaccrc.dll
+ 2011-03-21 16:17 . 2011-03-21 16:17	68928 c:\windows\system32\NLSSRV32.EXE
+ 2011-09-06 22:57 . 2011-03-21 16:15	17728 c:\windows\system32\nitrolocalui.dll
+ 2011-09-06 22:57 . 2011-03-21 16:15	26432 c:\windows\system32\nitrolocalmon.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	66560 c:\windows\system32\mshtmled.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	66560 c:\windows\system32\mshtmled.dll
- 2007-08-13 22:54 . 2010-09-10 05:58	55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 22:54 . 2011-11-04 19:20	55296 c:\windows\system32\msfeedsbs.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	81744 c:\windows\system32\mfcm100u.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	81744 c:\windows\system32\mfcm100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	60752 c:\windows\system32\mfc100rus.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	43344 c:\windows\system32\mfc100kor.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	43856 c:\windows\system32\mfc100jpn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	62288 c:\windows\system32\mfc100ita.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	64336 c:\windows\system32\mfc100fra.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	63824 c:\windows\system32\mfc100esn.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	55120 c:\windows\system32\mfc100enu.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	64336 c:\windows\system32\mfc100deu.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	36176 c:\windows\system32\mfc100cht.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	36176 c:\windows\system32\mfc100chs.dll
+ 2011-09-16 06:45 . 2007-04-09 17:23	28040 c:\windows\system32\mdimon.dll
- 2008-07-24 04:52 . 2007-04-09 17:23	28040 c:\windows\system32\mdimon.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	17744 c:\windows\system32\lfwpgu.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	68432 c:\windows\system32\lfjbgu.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	35152 c:\windows\system32\lfgifu.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	73728 c:\windows\system32\lffax13n.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	73728 c:\windows\system32\lffax13n.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	26448 c:\windows\system32\lfepsu.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	30544 c:\windows\system32\lfbmpu.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	30208 c:\windows\system32\lfbmp13n.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	30208 c:\windows\system32\lfbmp13n.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	25600 c:\windows\system32\jsproxy.dll
+ 2008-07-24 02:29 . 2010-11-18 18:12	81920 c:\windows\system32\isign32.dll
- 2008-07-24 02:29 . 2008-04-14 00:11	81920 c:\windows\system32\isign32.dll
+ 2011-01-03 19:49 . 2010-05-05 18:21	77712 c:\windows\system32\ICONLIB.dll
+ 2011-04-14 05:16 . 2007-06-06 13:25	40960 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDLM.dll
+ 2011-04-14 05:16 . 2007-06-06 13:36	28672 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGPD.dll
+ 2011-04-14 05:16 . 2007-06-06 13:18	45056 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDDynCC.DLL
+ 2011-02-23 00:17 . 2010-01-06 09:51	31051 c:\windows\system32\DRVSTORE\brpri10b_6EDA772B2903AB2A7EC33EFF6A4672C19A7255E8\brprtink.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	17328 c:\windows\system32\DRVSTORE\brpri10b_6EDA772B2903AB2A7EC33EFF6A4672C19A7255E8\bril10b.dll
+ 2011-02-23 00:17 . 2009-11-03 03:06	11520 c:\windows\system32\DRVSTORE\brpoi10b_D82372677EA608145D1247216F03684A9E10741C\x86\BrUsbSib.sys
+ 2011-02-23 00:17 . 2009-11-03 03:06	71424 c:\windows\system32\DRVSTORE\brpoi10b_D82372677EA608145D1247216F03684A9E10741C\x86\BrSerIb.sys
+ 2011-02-23 00:17 . 2009-08-18 10:36	27901 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrUsi09c.dll
+ 2011-02-23 00:17 . 2009-08-20 02:50	87430 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrTwdsUi.dll
+ 2011-02-23 00:17 . 2009-08-20 02:49	98460 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrTwds.dll
+ 2011-02-23 00:17 . 2009-08-20 03:51	48425 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrTwdLng.dll
+ 2011-02-23 00:17 . 2009-08-20 02:51	41679 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrStiIf.dll
+ 2011-02-23 00:17 . 2004-10-15 03:50	10713 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrScnUsb.sys
+ 2011-02-23 00:17 . 2008-07-09 04:16	48653 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrScnFlt.dll
+ 2011-02-23 00:17 . 2009-08-20 02:51	49296 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrScnDev.dll
+ 2011-05-06 18:19 . 2008-02-27 15:54	20480 c:\windows\system32\drivers\WLNdis50.sys
+ 2011-11-17 05:05 . 2008-04-13 20:45	60032 c:\windows\system32\drivers\USBAUDIO.sys
- 2004-08-03 23:08 . 2008-04-13 18:45	49408 c:\windows\system32\drivers\stream.sys
+ 2004-08-03 23:08 . 2008-04-13 20:45	49408 c:\windows\system32\drivers\stream.sys
+ 2008-07-24 07:45 . 2010-06-17 20:14	28520 c:\windows\system32\drivers\ssmdrv.sys
- 2008-07-24 07:45 . 2009-05-11 13:12	28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2010-12-10 23:17 . 2009-12-30 16:20	27064 c:\windows\system32\drivers\revoflt.sys
+ 2006-02-28 12:00 . 2010-11-02 15:17	40960 c:\windows\system32\drivers\ndproxy.sys
+ 2006-02-28 12:00 . 2011-07-08 14:02	10496 c:\windows\system32\drivers\ndistapi.sys
- 2008-07-24 08:38 . 2008-04-13 18:45	60160 c:\windows\system32\drivers\drmk.sys
+ 2008-07-24 08:38 . 2008-04-13 20:45	60160 c:\windows\system32\drivers\drmk.sys
+ 2006-02-28 12:00 . 2008-05-02 10:49	62976 c:\windows\system32\drivers\cdrom.sys
- 2006-02-28 12:00 . 2008-04-13 18:40	62976 c:\windows\system32\drivers\cdrom.sys
+ 2011-02-23 00:17 . 2009-11-03 03:06	11520 c:\windows\system32\drivers\BrUsbSib.sys
+ 2011-02-23 00:17 . 2009-11-03 03:06	71424 c:\windows\system32\drivers\BrSerIb.sys
+ 2010-08-02 15:52 . 2004-10-15 03:50	15295 c:\windows\system32\drivers\BrScnUsb.sys
- 2010-08-02 15:52 . 2004-10-15 16:50	15295 c:\windows\system32\drivers\BrScnUsb.sys
+ 2006-02-28 12:00 . 2009-04-20 17:17	45568 c:\windows\system32\dnsrslvr.dll
- 2006-02-28 12:00 . 2008-04-14 00:11	45568 c:\windows\system32\dnsrslvr.dll
- 2009-06-12 18:56 . 2010-09-10 05:58	12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-12 18:56 . 2011-11-04 19:20	12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-07-24 02:29 . 2010-10-11 14:59	45568 c:\windows\system32\dllcache\wab.exe
+ 2011-11-17 05:05 . 2008-04-13 20:45	60032 c:\windows\system32\dllcache\usbaudio.sys
- 2004-08-03 23:08 . 2008-04-13 18:45	49408 c:\windows\system32\dllcache\stream.sys
+ 2004-08-03 23:08 . 2008-04-13 20:45	49408 c:\windows\system32\dllcache\stream.sys
+ 2006-02-28 12:00 . 2011-09-26 16:41	20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2006-02-28 12:00 . 2010-11-02 15:17	40960 c:\windows\system32\dllcache\ndproxy.sys
+ 2006-02-28 12:00 . 2011-07-08 14:02	10496 c:\windows\system32\dllcache\ndistapi.sys
+ 2006-02-28 12:00 . 2011-11-04 19:20	66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-07-24 04:59 . 2010-09-10 05:58	55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-07-24 04:59 . 2011-11-04 19:20	55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	25600 c:\windows\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-07-24 02:29 . 2008-04-14 00:11	81920 c:\windows\system32\dllcache\isign32.dll
+ 2008-07-24 02:29 . 2010-11-18 18:12	81920 c:\windows\system32\dllcache\isign32.dll
+ 2008-07-24 08:38 . 2008-04-13 20:45	60160 c:\windows\system32\dllcache\drmk.sys
- 2008-07-24 08:38 . 2008-04-13 18:45	60160 c:\windows\system32\dllcache\drmk.sys
+ 2009-04-20 17:17 . 2009-04-20 17:17	45568 c:\windows\system32\dllcache\dnsrslvr.dll
- 2009-12-14 07:08 . 2009-12-14 07:08	33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31	33280 c:\windows\system32\dllcache\csrsrv.dll
- 2006-02-28 12:00 . 2008-04-13 18:40	62976 c:\windows\system32\dllcache\cdrom.sys
+ 2006-02-28 12:00 . 2008-05-02 10:49	62976 c:\windows\system32\dllcache\cdrom.sys
+ 2008-07-24 02:35 . 2011-11-30 17:34	32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-24 02:35 . 2008-07-24 08:36	32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-24 02:35 . 2011-11-30 17:34	32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-24 02:35 . 2008-07-24 08:36	32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-11-19 04:10 . 2011-11-19 04:10	16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-11-19 04:10 . 2011-11-30 17:34	16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-18 10:36 . 2009-08-18 10:36	55808 c:\windows\system32\BrUsi09c.dll
+ 2011-02-23 00:17 . 2010-01-06 09:51	61440 c:\windows\system32\brprtink.dll
+ 2010-08-02 15:52 . 2007-12-14 03:16	73728 c:\windows\system32\BrDctF2.dll
+ 2011-02-23 00:17 . 2006-07-07 17:40	73728 c:\windows\system32\BRCrypt.dll
+ 2011-01-03 19:49 . 2010-05-05 18:21	25280 c:\windows\system32\bmfaxprn.drv
- 2005-09-21 14:24 . 2005-09-21 14:24	86016 c:\windows\SOUNDMAN.EXE
+ 2005-09-21 14:24 . 2006-07-22 06:14	86016 c:\windows\SoundMan.exe
+ 2011-08-17 16:13 . 2011-08-17 16:13	19968 c:\windows\Installer\45bd00cc.msi
+ 2011-10-15 23:46 . 2011-10-15 23:46	22016 c:\windows\Installer\23e56445.msi
+ 2011-10-08 05:06 . 2011-10-08 05:06	22528 c:\windows\Installer\1f93262.msi
+ 2011-10-08 05:06 . 2011-10-08 05:06	28160 c:\windows\Installer\1f93257.msi
+ 2011-04-14 05:16 . 2011-04-14 05:16	45056 c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut4.exe
+ 2011-04-09 02:17 . 2011-04-09 02:17	14534 c:\windows\Installer\{E13890DC-1654-47A7-9F28-1A397AA1CE2F}\SystemFolder_msiexec.exe
+ 2011-04-09 02:17 . 2011-04-09 02:17	25214 c:\windows\Installer\{E13890DC-1654-47A7-9F28-1A397AA1CE2F}\StudioTax.exe
+ 2011-04-09 02:17 . 2011-04-09 02:17	26950 c:\windows\Installer\{E13890DC-1654-47A7-9F28-1A397AA1CE2F}\Overview.exe
+ 2011-04-09 02:17 . 2011-04-09 02:17	26694 c:\windows\Installer\{E13890DC-1654-47A7-9F28-1A397AA1CE2F}\help_en.exe
+ 2011-04-09 02:17 . 2011-04-09 02:17	25214 c:\windows\Installer\{E13890DC-1654-47A7-9F28-1A397AA1CE2F}\controlPanelIcon.exe
+ 2011-12-09 01:39 . 2011-12-09 01:39	25214 c:\windows\Installer\{D647F06F-2908-487E-9CDA-DE52148CBF49}\_4ae13d6c.exe
+ 2011-12-09 01:39 . 2011-12-09 01:39	25214 c:\windows\Installer\{D647F06F-2908-487E-9CDA-DE52148CBF49}\_2cd672ae.exe
+ 2011-12-09 01:39 . 2011-12-09 01:39	25214 c:\windows\Installer\{D647F06F-2908-487E-9CDA-DE52148CBF49}\_294823.exe
+ 2011-12-09 01:39 . 2011-12-09 01:39	25214 c:\windows\Installer\{D647F06F-2908-487E-9CDA-DE52148CBF49}\_18be6784.exe
+ 2011-10-15 23:49 . 2011-10-15 23:49	65536 c:\windows\Installer\{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-11-27 05:57 . 2010-11-27 05:57	11264 c:\windows\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
+ 2011-12-21 08:32 . 2011-12-21 08:32	38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-11-10 00:15 . 2010-11-10 00:15	38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-11-19 04:14 . 2011-11-19 04:14	65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-19 04:14 . 2011-11-19 04:14	65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-11-19 04:14 . 2011-11-19 04:14	65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-11-19 04:14 . 2011-11-19 04:14	65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-11-19 04:14 . 2011-11-19 04:14	65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-11-19 04:14 . 2011-11-19 04:14	65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-11-19 04:14 . 2011-11-19 04:14	65536 c:\windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2011-04-14 05:13 . 2011-04-14 05:13	92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartupShortcut10.exe
+ 2011-04-14 05:13 . 2011-04-14 05:13	92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareStartMenu10_1.exe
+ 2011-04-14 05:13 . 2011-04-14 05:13	92854 c:\windows\Installer\{42938595-0D83-404D-9F73-F8177FDD531A}\EasyShareDesktopShortcut10.exe
+ 2010-09-23 08:47 . 2010-09-23 08:47	35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 07:03 . 2010-09-23 07:03	99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07	70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2010-09-23 06:52 . 2010-09-23 06:52	27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 22:12 . 2010-09-22 22:12	15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2011-12-21 04:10 . 2011-08-22 23:48	12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	12800 c:\windows\ie8updates\KB2586448-IE8\xpshims.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	66560 c:\windows\ie8updates\KB2586448-IE8\mshtmled.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	55296 c:\windows\ie8updates\KB2586448-IE8\msfeedsbs.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	43520 c:\windows\ie8updates\KB2586448-IE8\licmgr10.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	25600 c:\windows\ie8updates\KB2586448-IE8\jsproxy.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	12800 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	43520 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	43520 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2011-04-14 05:12 . 2008-05-02 10:49	62976 c:\windows\Driver Cache\i386\cdrom.sys
+ 2011-12-05 22:05 . 2011-12-05 22:05	49152 c:\windows\Downloaded Program Files\WebEx\932\wbxtrace.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	70144 c:\windows\Downloaded Program Files\WebEx\932\wbxscutil.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	65536 c:\windows\Downloaded Program Files\WebEx\932\wbxcrypt.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	79160 c:\windows\Downloaded Program Files\WebEx\932\safereboot.exe
+ 2011-12-05 22:06 . 2011-12-05 22:06	27448 c:\windows\Downloaded Program Files\WebEx\932\atscjoin.exe
+ 2011-12-05 22:06 . 2011-12-05 22:06	48201 c:\windows\Downloaded Program Files\WebEx\932\atpack.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	24576 c:\windows\Downloaded Program Files\WebEx\932\atmemmgr.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	81408 c:\windows\Downloaded Program Files\WebEx\932\atjpeg60.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	53248 c:\windows\Downloaded Program Files\WebEx\932\atcarmcl.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	32648 c:\windows\Downloaded Program Files\WebEx\932\atasanot.exe
+ 2011-12-05 22:06 . 2011-12-05 22:06	95822 c:\windows\Downloaded Program Files\WebEx\932\atas32_lite.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	11576 c:\windows\Downloaded Program Files\WebEx\932\advlimit.exe
+ 2010-01-23 07:04 . 2010-01-23 07:04	99208 c:\windows\Downloaded Program Files\ieatgpc.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	28472 c:\windows\Downloaded Program Files\atgpcdec.dll
+ 2011-07-07 05:35 . 2011-07-07 05:35	65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\f5057c30d89ad8d99e38c946a68def9e\Microsoft.Build.Framework.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\aefe683674c97a998f4e908c1a7ee7c6\Microsoft.Build.Framework.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\845eef4d09f28da6ee05d99f93c90f6e\Microsoft.Build.Framework.ni.dll
+ 2011-07-07 05:35 . 2011-07-07 05:35	74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\623c05a555ac0719a1367f511d4a9270\Microsoft.Build.Framework.ni.dll
+ 2011-07-07 05:34 . 2011-07-07 05:34	14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\c40d3caad8bff3c52db7e7562286406a\dfsvc.ni.exe
+ 2011-10-15 22:08 . 2011-10-15 22:08	14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\ab7ce2d94ca725c3889a4e3c1ee88ece\dfsvc.ni.exe
+ 2011-07-07 05:33 . 2011-07-07 05:33	25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
+ 2011-10-15 22:07 . 2011-10-15 22:07	25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
+ 2011-04-14 05:13 . 2011-04-14 05:13	86016 c:\windows\assembly\GAC_MSIL\VirtualCollectionBase-Defs-PlatReq\1.0.7323.4563__b0cfd8589c27b05f\VirtualCollectionBase-Defs-PlatReq.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-04 16:40 . 2010-10-04 16:40	81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-04-14 05:13 . 2011-04-14 05:13	38400 c:\windows\assembly\GAC_32\PeopleRecognition-Defs-PlatReq\1.1.7323.4563__b0cfd8589c27b05f\PeopleRecognition-Defs-PlatReq.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2005-05-03 22:43 . 2005-05-04 08:43	69632 c:\windows\Alcmtr.exe
- 2005-05-03 22:43 . 2005-05-03 22:43	69632 c:\windows\ALCMTR.EXE
+ 2011-08-28 00:16 . 2010-11-03 13:12	46080 c:\windows\$NtUninstallKB2570791$\tzchange.exe
+ 2011-08-28 00:16 . 2011-07-09 00:32	16896 c:\windows\$NtUninstallKB2570791$\spuninst\tzchange.dll
+ 2011-08-28 00:08 . 2008-04-13 18:57	10112 c:\windows\$NtUninstallKB2566454$\ndistapi.sys
+ 2011-10-15 21:23 . 2006-02-28 12:00	16896 c:\windows\$NtUninstallKB2564958$\oleaccrc.dll
+ 2011-04-01 19:50 . 2008-07-08 13:02	26488 c:\windows\$hf_mig$\KB971029\update\spcustom.dll
+ 2011-04-01 19:50 . 2008-07-08 13:02	17272 c:\windows\$hf_mig$\KB971029\spmsg.dll
+ 2011-11-15 23:17 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2641690\update\spcustom.dll
+ 2011-11-15 23:17 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2641690\spmsg.dll
+ 2011-09-16 06:46 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2616676\update\spcustom.dll
+ 2011-09-16 06:46 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2616676\spmsg.dll
+ 2011-09-07 14:54 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2607712\update\spcustom.dll
+ 2011-09-07 14:54 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2607712\spmsg.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2592799\update\spcustom.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2592799\spmsg.dll
+ 2011-10-15 21:16 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2586448-IE8\update\spcustom.dll
+ 2011-10-15 21:16 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2586448-IE8\spmsg.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	12800 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\xpshims.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	66560 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtmled.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	55296 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeedsbs.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	43520 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\licmgr10.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	25600 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\jsproxy.dll
+ 2011-09-16 06:41 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2570947\update\spcustom.dll
+ 2011-09-16 06:41 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2570947\spmsg.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2570222\update\spcustom.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2570222\spmsg.dll
+ 2011-08-28 00:14 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2567680\update\spcustom.dll
+ 2011-08-28 00:14 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2567680\spmsg.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2567053\update\spcustom.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2567053\spmsg.dll
+ 2011-08-28 00:08 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2566454\update\spcustom.dll
+ 2011-08-28 00:08 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2566454\spmsg.dll
+ 2011-08-28 00:02 . 2011-07-08 13:51	10496 c:\windows\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys
+ 2011-08-28 00:07 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2562937\update\spcustom.dll
+ 2011-08-28 00:07 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2562937\spmsg.dll
+ 2011-08-28 00:09 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll
+ 2011-08-28 00:09 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll
+ 2011-07-19 02:42 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
+ 2011-07-19 02:42 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2555917\spmsg.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2544893\update\spcustom.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2544893\spmsg.dll
+ 2011-11-15 23:20 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2544893-v2\update\spcustom.dll
+ 2011-11-15 23:20 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2544893-v2\spmsg.dll
+ 2011-06-16 16:45 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2544521-IE8\update\spcustom.dll
+ 2011-06-16 16:45 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2544521-IE8\spmsg.dll
+ 2011-07-07 04:26 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2541763\update\spcustom.dll
+ 2011-07-07 04:26 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2541763\spmsg.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2536276\update\spcustom.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2536276\spmsg.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2536276-v2\update\spcustom.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2536276-v2\spmsg.dll
+ 2011-06-16 16:51 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2535512\update\spcustom.dll
+ 2011-06-16 16:51 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2535512\spmsg.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2530548-IE8\update\spcustom.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2530548-IE8\spmsg.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	12800 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\xpshims.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	66560 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtmled.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	55296 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeedsbs.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	43520 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\licmgr10.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	25600 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\jsproxy.dll
+ 2011-03-30 19:27 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2524375\update\spcustom.dll
+ 2011-03-30 19:27 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2524375\spmsg.dll
+ 2011-04-28 00:48 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2511455\update\spcustom.dll
+ 2011-04-28 00:48 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2511455\spmsg.dll
+ 2011-04-28 00:46 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2510531-IE8\update\spcustom.dll
+ 2011-04-28 00:46 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2510531-IE8\spmsg.dll
+ 2011-04-28 00:47 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2509553\update\spcustom.dll
+ 2011-04-28 00:47 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2509553\spmsg.dll
+ 2009-04-20 17:06 . 2009-04-20 17:06	45568 c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2508429\update\spcustom.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2508429\spmsg.dll
+ 2011-04-28 00:50 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2508272\update\spcustom.dll
+ 2011-04-28 00:50 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2508272\spmsg.dll
+ 2011-07-19 02:47 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
+ 2011-07-19 02:47 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2507938\spmsg.dll
+ 2011-04-26 11:02 . 2011-04-26 11:02	33280 c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2507618\update\spcustom.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2507618\spmsg.dll
+ 2011-04-28 00:54 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2506223\update\spcustom.dll
+ 2011-04-28 00:54 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2506223\spmsg.dll
+ 2011-04-28 00:47 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2506212\update\spcustom.dll
+ 2011-04-28 00:47 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2506212\spmsg.dll
+ 2011-06-16 16:53 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2503665\update\spcustom.dll
+ 2011-06-16 16:53 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2503665\spmsg.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2503658\update\spcustom.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2503658\spmsg.dll
+ 2011-04-28 00:54 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2497640-IE8\update\spcustom.dll
+ 2011-04-28 00:54 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2497640-IE8\spmsg.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	12800 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\xpshims.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	66560 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtmled.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	55296 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeedsbs.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	43520 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\licmgr10.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	25600 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\jsproxy.dll
+ 2011-04-28 00:55 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2485663\update\spcustom.dll
+ 2011-04-28 00:55 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2485663\spmsg.dll
+ 2011-02-09 08:05 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-09 08:05 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-09 08:04 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-09 08:04 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-09 08:01 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-09 08:01 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-03-11 04:49 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll
+ 2011-03-11 04:49 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2481109\spmsg.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57	53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll
+ 2011-03-11 04:51 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
+ 2011-03-11 04:51 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll
+ 2011-02-09 08:04 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-09 08:04 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-09 08:07 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-09 08:07 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:29 . 2010-12-09 14:29	33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2011-06-16 16:54 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2476490\update\spcustom.dll
+ 2011-06-16 16:54 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2476490\spmsg.dll
+ 2010-12-15 08:04 . 2010-02-22 14:23	26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2010-12-15 08:04 . 2010-02-22 14:23	17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2010-12-15 08:05 . 2010-02-22 14:23	26488 c:\windows\$hf_mig$\KB2443105\update\spcustom.dll
+ 2010-12-15 08:05 . 2010-02-22 14:23	17272 c:\windows\$hf_mig$\KB2443105\spmsg.dll
+ 2010-11-18 18:12 . 2010-11-18 18:12	81920 c:\windows\$hf_mig$\KB2443105\SP3QFE\isign32.dll
+ 2010-12-15 08:04 . 2009-05-26 11:40	26488 c:\windows\$hf_mig$\KB2440591\update\spcustom.dll
+ 2010-12-15 08:04 . 2009-05-26 11:40	17272 c:\windows\$hf_mig$\KB2440591\spmsg.dll
+ 2010-12-15 07:31 . 2010-11-03 05:55	40960 c:\windows\$hf_mig$\KB2440591\SP3QFE\ndproxy.sys
+ 2010-12-15 08:04 . 2009-05-26 11:40	26488 c:\windows\$hf_mig$\KB2436673\update\spcustom.dll
+ 2010-12-15 08:04 . 2009-05-26 11:40	17272 c:\windows\$hf_mig$\KB2436673\spmsg.dll
+ 2010-12-15 08:00 . 2010-02-22 14:23	26488 c:\windows\$hf_mig$\KB2423089\update\spcustom.dll
+ 2010-12-15 08:00 . 2010-02-22 14:23	17272 c:\windows\$hf_mig$\KB2423089\spmsg.dll
+ 2010-12-15 07:30 . 2010-10-11 14:55	45568 c:\windows\$hf_mig$\KB2423089\SP3QFE\wab.exe
+ 2011-01-12 08:00 . 2010-02-22 14:23	26488 c:\windows\$hf_mig$\KB2419632\update\spcustom.dll
+ 2011-01-12 08:00 . 2010-02-22 14:23	17272 c:\windows\$hf_mig$\KB2419632\spmsg.dll
+ 2010-12-15 08:05 . 2010-02-22 14:23	26488 c:\windows\$hf_mig$\KB2416400-IE8\update\spcustom.dll
+ 2010-12-15 08:05 . 2010-02-22 14:23	17272 c:\windows\$hf_mig$\KB2416400-IE8\spmsg.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	12800 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\xpshims.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	66560 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtmled.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	55296 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeedsbs.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	43520 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\licmgr10.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	25600 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\jsproxy.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-09 01:57 . 2010-12-09 15:15	16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll
+ 2010-12-15 08:05 . 2009-05-26 11:40	26488 c:\windows\$hf_mig$\KB2296199\update\spcustom.dll
+ 2010-12-15 08:05 . 2009-05-26 11:40	17272 c:\windows\$hf_mig$\KB2296199\spmsg.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-04-26 20:35 . 2011-02-17 12:32	5120 c:\windows\system32\xpsp4res.dll
- 2009-04-26 20:35 . 2010-08-26 12:52	5120 c:\windows\system32\xpsp4res.dll
+ 2011-01-03 19:47 . 2010-05-05 18:22	8704 c:\windows\system32\ws2thk.dll
+ 2011-02-23 00:18 . 2008-07-23 16:00	7168 c:\windows\system32\spool\drivers\w32x86\brotherpc_fax_v_2_1f116\Brlfx05B.dll
+ 2011-02-23 00:18 . 2008-07-23 16:00	7168 c:\windows\system32\spool\drivers\w32x86\3\Brlfx05B.dll
+ 2011-12-22 21:25 . 2008-04-14 00:11	4096 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll
+ 2011-02-23 00:17 . 2009-08-18 10:34	7586 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrSti09c.dll
+ 2010-08-02 15:52 . 2010-01-22 20:34	3072 c:\windows\system32\BrDctF2S.dll
+ 2010-08-02 15:52 . 2007-12-14 03:16	5120 c:\windows\system32\BrDctF2L.dll
+ 2011-04-09 02:17 . 2011-04-09 02:17	4608 c:\windows\Installer\c1a34e.msi
+ 2008-07-24 04:52 . 2011-12-21 04:05	4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-10-04 20:41 . 2011-10-04 20:41	4286 c:\windows\Installer\{425C644F-3F69-429B-8B47-A7FD76BE4E21}\CrashPlanTray.exe
+ 2011-12-05 22:05 . 2011-12-05 22:05	5706 c:\windows\Downloaded Program Files\WebEx\932\atkbctl.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2010-10-04 16:41 . 2010-10-04 16:41	6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-04-14 05:14 . 2011-04-14 05:14	3072 c:\windows\assembly\GAC_32\policy.2.0.EastmanKodakCompany.EasyShare\2.0.6005.7527__e736f44e197b3380\policy.2.0.EastmanKodakCompany.EasyShare.dll
+ 2011-04-14 05:14 . 2011-04-14 05:14	3072 c:\windows\assembly\GAC_32\policy.1.0.EastmanKodakCompany.EasyShare\1.0.0.2__e736f44e197b3380\policy.1.0.EastmanKodakCompany.EasyShare.dll
+ 2011-02-17 12:32 . 2011-02-17 12:32	5120 c:\windows\$hf_mig$\KB2508429\SP3QFE\xpsp4res.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	225280  c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	652608 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_e1702eb6\msvcr90.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	565584 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_e1702eb6\msvcp90.dll
+ 2009-07-12 03:54 . 2009-07-12 03:54	224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_e1702eb6\msvcm90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_42101c2a\atl90.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17	632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12	554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11	479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2009-08-20 03:51 . 2009-08-20 03:51	106496 c:\windows\twain_32\BrSc09c\Lang\BrTwdLng.dll
+ 2009-08-20 02:50 . 2009-08-20 02:50	155648 c:\windows\twain_32\BrSc09c\Common\BrTwdsUi.dll
+ 2009-08-20 02:49 . 2009-08-20 02:49	172032 c:\windows\twain_32\BrSc09c\Common\BrTwds.dll
+ 2006-02-28 12:00 . 2011-06-20 17:44	293376 c:\windows\system32\winsrv.dll
- 2006-02-28 12:00 . 2010-06-18 17:45	293376 c:\windows\system32\winsrv.dll
+ 2006-02-28 12:00 . 2011-03-04 06:37	420864 c:\windows\system32\vbscript.dll
- 2006-02-28 12:00 . 2009-03-08 08:34	105984 c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	105984 c:\windows\system32\url.dll
+ 2011-01-03 19:49 . 2010-05-05 18:21	193696 c:\windows\system32\UNIDRV.dll
+ 2008-07-30 00:59 . 2011-09-26 16:41	611328 c:\windows\system32\uiautomationcore.dll
+ 2011-02-23 00:18 . 2008-07-23 16:00	165755 c:\windows\system32\spool\drivers\w32x86\brotherpc_fax_v_2_1f116\BRUFX05B.DLL
+ 2011-02-23 00:18 . 2008-07-23 16:00	177147 c:\windows\system32\spool\drivers\w32x86\brotherpc_fax_v_2_1f116\BROFX05B.DLL
+ 2010-07-10 00:22 . 2010-10-11 21:39	107776 c:\windows\system32\spool\drivers\w32x86\3\RCImaging.DLL
+ 2011-02-23 00:18 . 2008-07-23 16:00	165755 c:\windows\system32\spool\drivers\w32x86\3\BRUFX05B.DLL
+ 2011-02-23 00:18 . 2008-07-23 16:00	177147 c:\windows\system32\spool\drivers\w32x86\3\BROFX05B.DLL
+ 2009-02-13 03:29 . 2008-03-13 04:52	761344 c:\windows\system32\spool\drivers\w32x86\1\UNIRES.DLL
+ 2009-02-13 03:29 . 2008-07-06 12:06	744960 c:\windows\system32\spool\drivers\w32x86\1\UNIDRVUI.DLL
+ 2009-02-13 03:29 . 2008-07-06 12:06	373248 c:\windows\system32\spool\drivers\w32x86\1\UNIDRV.DLL
+ 2010-07-10 00:22 . 2010-10-11 21:39	107776 c:\windows\system32\spool\drivers\w32x86\1\RCImaging.DLL
+ 2006-02-28 12:00 . 2009-07-27 23:17	135168 c:\windows\system32\shsvcs.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	135168 c:\windows\system32\shsvcs.dll
+ 2006-02-28 12:00 . 2011-01-21 14:44	439296 c:\windows\system32\shimgvw.dll
+ 2006-02-28 12:00 . 2011-04-29 17:25	151552 c:\windows\system32\schannel.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	270848 c:\windows\system32\sbe.dll
+ 2006-02-28 12:00 . 2011-02-09 13:53	270848 c:\windows\system32\sbe.dll
+ 2005-09-16 18:14 . 2006-07-22 21:40	143360 c:\windows\system32\RTCOM\RtlCPAPI.dll
+ 2005-09-23 22:24 . 2006-08-18 04:03	270336 c:\windows\system32\RTCOM\RTCOMDLL.dll
+ 2011-12-22 21:26 . 2005-09-21 20:29	356352 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RtlUpd.exe
+ 2011-12-22 21:26 . 2005-09-16 18:14	157184 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPAPI.dll
+ 2011-12-22 21:26 . 2005-09-23 22:24	249856 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTCOMDLL.dll
+ 2011-12-22 21:25 . 2008-04-13 19:19	146048 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\portcls.sys
+ 2011-12-22 21:25 . 2008-04-13 19:16	141056 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ks.sys
+ 2011-01-03 19:49 . 2010-05-05 18:21	166704 c:\windows\system32\R0tiff.dll
+ 2008-07-24 08:22 . 2008-05-28 07:13	425472 c:\windows\system32\photometadatahandler.dll
+ 2006-02-28 12:00 . 2011-11-07 16:52	436002 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2010-12-20 17:32	551936 c:\windows\system32\oleaut32.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	551936 c:\windows\system32\oleaut32.dll
+ 2006-02-28 12:00 . 2011-09-26 16:41	220160 c:\windows\system32\oleacc.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	249856 c:\windows\system32\odbc32.dll
+ 2006-02-28 12:00 . 2010-11-09 14:52	249856 c:\windows\system32\odbc32.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	206848 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	206848 c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2010-12-09 15:15	718336 c:\windows\system32\ntdll.dll
+ 2010-08-02 15:51 . 2010-02-09 22:11	217088 c:\windows\system32\NSSearch.dll
+ 2006-02-28 12:00 . 2008-06-20 16:02	245248 c:\windows\system32\mswsock.dll
- 2006-02-28 12:00 . 2008-06-20 17:46	245248 c:\windows\system32\mswsock.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	773968 c:\windows\system32\msvcr100.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	421200 c:\windows\system32\msvcp100.dll
- 2008-07-24 02:28 . 2008-04-14 00:12	677888 c:\windows\system32\mstsc.exe
+ 2008-07-24 02:28 . 2011-01-27 11:57	677888 c:\windows\system32\mstsc.exe
- 2006-02-28 12:00 . 2010-09-10 05:58	611840 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	611840 c:\windows\system32\mstime.dll
+ 2007-08-13 22:54 . 2011-11-04 19:20	602112 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:54 . 2010-09-10 05:58	602112 c:\windows\system32\msfeeds.dll
+ 2006-02-28 12:00 . 2011-02-08 13:33	974848 c:\windows\system32\mfc42u.dll
- 2006-02-28 12:00 . 2010-09-18 16:23	974848 c:\windows\system32\mfc42u.dll
+ 2006-02-28 12:00 . 2011-02-08 13:33	978944 c:\windows\system32\mfc42.dll
+ 2011-11-15 01:21 . 2011-11-15 01:21	247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
+ 2011-10-16 18:17 . 2011-10-16 18:17	247968 c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2011-01-03 17:50 . 2010-10-11 21:39	521552 c:\windows\system32\ltkrnu.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	453120 c:\windows\system32\ltkrn13n.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	453120 c:\windows\system32\ltkrn13n.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	226640 c:\windows\system32\Ltjp2u.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	157088 c:\windows\system32\ltimgutlu.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	193872 c:\windows\system32\ltimgefxu.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	411040 c:\windows\system32\ltimgcoru.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	218528 c:\windows\system32\ltimgclru.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	445440 c:\windows\system32\ltimg13n.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	445440 c:\windows\system32\ltimg13n.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	193872 c:\windows\system32\ltfilu.DLL
- 2010-07-10 00:22 . 2009-03-11 16:28	154112 c:\windows\system32\ltfil13n.DLL
+ 2010-07-10 00:22 . 2009-03-11 17:28	154112 c:\windows\system32\ltfil13n.DLL
+ 2011-01-03 17:50 . 2010-10-11 21:39	259408 c:\windows\system32\ltefxu.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	206848 c:\windows\system32\ltefx13n.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	206848 c:\windows\system32\ltefx13n.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	271776 c:\windows\system32\ltdisu.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	265216 c:\windows\system32\LTDIS13n.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	265216 c:\windows\system32\LTDIS13n.dll
+ 2006-02-28 12:00 . 2010-12-20 17:26	730112 c:\windows\system32\lsasrv.dll
- 2006-02-28 12:00 . 2009-06-25 08:25	730112 c:\windows\system32\lsasrv.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	165280 c:\windows\system32\lftifu.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	142848 c:\windows\system32\lftif13n.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	142848 c:\windows\system32\lftif13n.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	128416 c:\windows\system32\lfpngu.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	182784 c:\windows\system32\Lfpng13n.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	182784 c:\windows\system32\Lfpng13n.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	251296 c:\windows\system32\lfj2ku.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	246272 c:\windows\system32\LFJ2K13n.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	246272 c:\windows\system32\LFJ2K13n.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	107936 c:\windows\system32\lffaxu.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	435616 c:\windows\system32\lfcmpu.DLL
+ 2010-07-10 00:22 . 2009-03-11 17:28	388608 c:\windows\system32\LFCMP13n.DLL
- 2010-07-10 00:22 . 2009-03-11 16:28	388608 c:\windows\system32\LFCMP13n.DLL
+ 2007-06-06 13:18 . 2007-06-06 13:18	196608 c:\windows\system32\KPDRES.DLL
+ 2007-06-06 13:38 . 2007-06-06 13:38	237568 c:\windows\system32\KPDPMUI.dll
+ 2007-06-06 13:38 . 2007-06-06 13:38	344064 c:\windows\system32\KPDPM.dll
- 2006-02-28 12:00 . 2009-06-25 08:25	301568 c:\windows\system32\kerberos.dll
+ 2006-02-28 12:00 . 2010-12-22 12:34	301568 c:\windows\system32\kerberos.dll
+ 2006-02-28 12:00 . 2011-03-04 06:37	726528 c:\windows\system32\jscript.dll
- 2006-02-28 12:00 . 2009-12-09 05:53	726528 c:\windows\system32\jscript.dll
+ 2012-01-02 19:46 . 2011-11-10 11:54	157472 c:\windows\system32\javaws.exe
+ 2012-01-02 19:46 . 2011-11-10 11:54	149280 c:\windows\system32\javaw.exe
+ 2012-01-02 19:46 . 2011-11-10 11:54	149280 c:\windows\system32\java.exe
+ 2011-04-14 05:12 . 2008-05-02 13:25	465920 c:\windows\system32\imapi2fs.dll
+ 2011-04-14 05:12 . 2008-05-02 13:25	317952 c:\windows\system32\imapi2.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	184320 c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	387584 c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	387584 c:\windows\system32\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-11-04 11:24	174080 c:\windows\system32\ie4uinit.exe
+ 2009-09-16 23:27 . 2009-09-16 23:27	508224 c:\windows\system32\ICCProfiles.dll
+ 2008-07-23 22:02 . 2011-12-21 08:27	741424 c:\windows\system32\FNTCACHE.DAT
- 2008-07-23 22:02 . 2010-10-14 00:35	741424  c:\windows\system32\FNTCACHE.DAT
+ 2011-04-14 05:16 . 2007-06-06 13:46	229376 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDVS.dll
+ 2011-04-14 05:16 . 2007-06-06 13:37	278528 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDUI.dll
+ 2011-04-14 05:16 . 2007-06-06 13:18	196608 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDRES.dll
+ 2011-04-14 05:16 . 2007-06-06 13:37	258048 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\KPDGDI.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	693715 c:\windows\system32\DRVSTORE\brpri10b_6EDA772B2903AB2A7EC33EFF6A4672C19A7255E8\briu10b.dll
+ 2006-02-28 12:00 . 2011-02-17 13:18	357888 c:\windows\system32\drivers\srv.sys
+ 2008-07-24 02:28 . 2011-06-24 14:10	139656 c:\windows\system32\drivers\rdpwd.sys
- 2008-07-24 02:28 . 2008-04-14 00:13	139656 c:\windows\system32\drivers\rdpwd.sys
- 2008-07-24 08:38 . 2008-04-13 19:19	146048 c:\windows\system32\drivers\portcls.sys
+ 2008-07-24 08:38 . 2008-04-13 21:19	146048 c:\windows\system32\drivers\portcls.sys
+ 2006-02-28 12:00 . 2011-04-21 13:37	105472 c:\windows\system32\drivers\mup.sys
+ 2006-02-28 12:00 . 2011-07-15 13:29	456320 c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-03 23:15 . 2008-04-13 19:16	141056 c:\windows\system32\drivers\ks.sys
+ 2004-08-03 23:15 . 2008-04-13 21:16	141056 c:\windows\system32\drivers\ks.sys
+ 2006-02-28 12:00 . 2011-08-17 13:49	138496 c:\windows\system32\drivers\afd.sys
- 2006-02-28 12:00 . 2008-08-14 10:04	138496 c:\windows\system32\drivers\afd.sys
+ 2006-02-28 12:00 . 2011-03-03 06:55	149504 c:\windows\system32\dnsapi.dll
- 2010-06-18 17:45 . 2010-06-18 17:45	293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-06-20 17:44	293376 c:\windows\system32\dllcache\winsrv.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	916992 c:\windows\system32\dllcache\wininet.dll
+ 2008-07-24 02:29 . 2011-04-30 03:01	758784 c:\windows\system32\dllcache\vgx.dll
+ 2006-02-28 12:00 . 2011-03-04 06:37	420864 c:\windows\system32\dllcache\vbscript.dll
- 2006-02-28 12:00 . 2009-03-08 08:34	105984 c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	105984 c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2011-02-17 13:18	357888 c:\windows\system32\dllcache\srv.sys
+ 2009-07-27 23:17 . 2009-07-27 23:17	135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44	439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2008-12-05 06:54 . 2011-04-29 17:25	151552 c:\windows\system32\dllcache\schannel.dll
+ 2006-02-28 12:00 . 2011-02-09 13:53	270848 c:\windows\system32\dllcache\sbe.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	270848 c:\windows\system32\dllcache\sbe.dll
+ 2008-07-24 02:28 . 2011-06-24 14:10	139656 c:\windows\system32\dllcache\rdpwd.sys
- 2008-07-24 02:28 . 2008-04-14 00:13	139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2008-07-24 08:38 . 2008-04-13 21:19	146048 c:\windows\system32\dllcache\portcls.sys
- 2008-07-24 08:38 . 2008-04-13 19:19	146048 c:\windows\system32\dllcache\portcls.sys
+ 2010-12-20 17:32 . 2010-12-20 17:32	551936 c:\windows\system32\dllcache\oleaut32.dll
+ 2006-02-28 12:00 . 2011-09-26 16:41	220160 c:\windows\system32\dllcache\oleacc.dll
+ 2010-11-09 14:52 . 2010-11-09 14:52	249856 c:\windows\system32\dllcache\odbc32.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	206848 c:\windows\system32\dllcache\occache.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	206848 c:\windows\system32\dllcache\occache.dll
+ 2009-04-26 20:37 . 2010-12-09 15:15	718336 c:\windows\system32\dllcache\ntdll.dll
+ 2006-02-28 12:00 . 2011-04-21 13:37	105472 c:\windows\system32\dllcache\mup.sys
- 2008-06-20 17:46 . 2008-06-20 17:46	245248 c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:46 . 2008-06-20 16:02	245248 c:\windows\system32\dllcache\mswsock.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-07-24 02:29 . 2010-11-09 14:52	102400 c:\windows\system32\dllcache\msjro.dll
- 2008-07-24 02:29 . 2008-04-14 00:12	102400 c:\windows\system32\dllcache\msjro.dll
+ 2008-07-24 04:59 . 2011-11-04 19:20	602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-07-24 04:59 . 2010-09-10 05:58	602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-07-24 02:29 . 2010-11-09 14:52	200704 c:\windows\system32\dllcache\msadox.dll
- 2008-07-24 02:29 . 2008-04-14 00:11	200704 c:\windows\system32\dllcache\msadox.dll
- 2008-07-24 02:29 . 2008-04-14 00:11	180224 c:\windows\system32\dllcache\msadomd.dll
+ 2008-07-24 02:29 . 2010-11-09 14:52	180224 c:\windows\system32\dllcache\msadomd.dll
- 2008-07-24 02:29 . 2008-04-14 00:11	536576 c:\windows\system32\dllcache\msado15.dll
+ 2008-07-24 02:29 . 2010-11-09 14:52	536576 c:\windows\system32\dllcache\msado15.dll
+ 2008-07-24 02:29 . 2010-11-09 14:52	143360 c:\windows\system32\dllcache\msadco.dll
- 2008-07-24 02:29 . 2008-04-14 00:11	143360 c:\windows\system32\dllcache\msadco.dll
+ 2006-02-28 12:00 . 2011-07-15 13:29	456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2006-02-28 12:00 . 2011-02-08 13:33	974848 c:\windows\system32\dllcache\mfc42u.dll
- 2006-02-28 12:00 . 2010-09-18 16:23	974848 c:\windows\system32\dllcache\mfc42u.dll
+ 2010-10-13 23:27 . 2011-02-08 13:33	978944 c:\windows\system32\dllcache\mfc42.dll
+ 2009-04-26 20:37 . 2010-12-20 17:26	730112 c:\windows\system32\dllcache\lsasrv.dll
- 2009-04-26 20:37 . 2009-06-25 08:25	730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-07-24 02:28 . 2011-01-27 11:57	677888 c:\windows\system32\dllcache\lhmstsc.exe
- 2008-07-24 02:28 . 2008-04-14 00:12	677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2004-08-03 23:15 . 2008-04-13 21:16	141056 c:\windows\system32\dllcache\ks.sys
- 2004-08-03 23:15 . 2008-04-13 19:16	141056 c:\windows\system32\dllcache\ks.sys
- 2009-06-25 08:25 . 2009-06-25 08:25	301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34	301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37	726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-12-09 05:53	726528 c:\windows\system32\dllcache\jscript.dll
+ 2008-08-19 04:08 . 2011-10-10 14:22	692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-08-19 04:08 . 2010-06-09 07:43	692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2011-04-14 05:12 . 2008-05-02 13:25	465920 c:\windows\system32\dllcache\imapi2fs.dll
+ 2011-04-14 05:12 . 2008-05-02 13:25	317952 c:\windows\system32\dllcache\imapi2.dll
- 2009-06-12 18:56 . 2010-09-10 05:58	247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-12 18:56 . 2011-11-04 19:20	247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-14 03:30 . 2010-09-10 05:58	743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-14 03:30 . 2011-11-04 19:20	743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-02-28 12:00 . 2010-09-10 05:58	387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-11-04 11:24	174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00 . 2011-10-18 11:13	186880 c:\windows\system32\dllcache\encdec.dll
- 2006-02-28 12:00 . 2008-04-14 00:11	186880 c:\windows\system32\dllcache\encdec.dll
+ 2008-06-20 17:46 . 2011-03-03 06:55	149504 c:\windows\system32\dllcache\dnsapi.dll
- 2006-02-28 12:00 . 2008-04-14 00:11	599040 c:\windows\system32\dllcache\crypt32.dll
+ 2006-02-28 12:00 . 2011-09-28 07:06	599040 c:\windows\system32\dllcache\crypt32.dll
+ 2010-04-20 05:30 . 2011-02-15 12:56	290432 c:\windows\system32\dllcache\atmfd.dll
- 2006-02-28 12:00 . 2008-08-14 10:04	138496 c:\windows\system32\dllcache\afd.sys
+ 2006-02-28 12:00 . 2011-08-17 13:49	138496 c:\windows\system32\dllcache\afd.sys
+ 2006-02-28 12:00 . 2011-09-28 07:06	599040 c:\windows\system32\crypt32.dll
- 2006-02-28 12:00 . 2008-04-14 00:11	599040 c:\windows\system32\crypt32.dll
+ 2010-08-02 15:52 . 2010-02-05 16:42	180224 c:\windows\system32\BroSNMP.dll
+ 2010-08-02 15:51 . 2009-10-13 21:59	180224 c:\windows\system32\BrMuSNMP.dll
+ 2011-02-23 00:16 . 2008-08-24 00:17	118784 c:\windows\system32\BrMfNt.dll
+ 2011-02-23 00:16 . 2008-10-18 01:02	126976 c:\windows\system32\BrfxD05b.dll
+ 2006-02-28 12:00 . 2011-02-15 12:56	290432 c:\windows\system32\atmfd.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	138056 c:\windows\system32\atl100.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18	388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
- 2010-05-11 10:40 . 2010-05-11 10:40	388936 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-03-25 11:15 . 2011-03-25 11:15	363856 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
- 2010-05-11 10:40 . 2010-05-11 10:40	989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18	989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2011-12-09 01:39 . 2011-12-09 01:39	493056 c:\windows\Installer\f40771a.msi
+ 2010-11-12 16:08 . 2010-11-12 16:08	889344 c:\windows\Installer\b89d6d7.msp
+ 2011-11-23 22:24 . 2011-11-23 22:25	333824 c:\windows\Installer\af51078.msi
+ 2011-06-16 16:54 . 2011-06-16 16:54	223744 c:\windows\Installer\65584ab1.msi
+ 2011-06-16 16:48 . 2011-06-16 16:48	467456 c:\windows\Installer\65584a43.msi
+ 2010-11-27 05:57 . 2010-11-27 05:57	454656 c:\windows\Installer\2108b86.msi
+ 2011-10-27 10:49 . 2011-10-27 10:49	160768 c:\windows\Installer\1c5d6f.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	295936 c:\windows\Installer\1b212fc3.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	370688 c:\windows\Installer\1b212fbc.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	404480 c:\windows\Installer\1b212fb5.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	213504 c:\windows\Installer\1b212fad.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	186368 c:\windows\Installer\1b212fa5.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	180736 c:\windows\Installer\1b212f9e.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	181248 c:\windows\Installer\1b212f97.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	475136 c:\windows\Installer\1b212f90.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	548352 c:\windows\Installer\1b212f89.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	291840 c:\windows\Installer\1b212f82.msi
+ 2011-04-14 05:13 . 2011-04-14 05:13	357376 c:\windows\Installer\1b212f7b.msi
+ 2011-04-14 05:13 . 2011-04-14 05:13	291840 c:\windows\Installer\1b212f74.msi
+ 2011-04-14 05:13 . 2011-04-14 05:13	182784 c:\windows\Installer\1b212f6d.msi
+ 2011-04-14 05:13 . 2011-04-14 05:13	288768 c:\windows\Installer\1b212f66.msi
+ 2011-04-14 05:13 . 2011-04-14 05:13	294912 c:\windows\Installer\1b212f5f.msi
+ 2011-04-14 04:54 . 2011-04-14 04:54	218624 c:\windows\Installer\1b116437.msi
+ 2011-11-11 02:43 . 2011-11-11 02:43	203776 c:\windows\Installer\11190a23.msi
+ 2011-04-14 05:16 . 2011-04-14 05:16	135168 c:\windows\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut5.exe
+ 2011-10-16 02:42 . 2011-10-16 02:42	371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2011-04-14 04:56 . 2011-04-14 04:56	370070 c:\windows\Installer\{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}\ARPPRODUCTICON.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-24 04:52 . 2011-12-21 04:05	593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-07-24 04:52 . 2010-11-10 00:14	593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-10-04 20:41 . 2011-10-04 20:41	355574 c:\windows\Installer\{425C644F-3F69-429B-8B47-A7FD76BE4E21}\controlPanelIcon.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07	338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-10 22:17 . 2010-09-10 22:17	684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-23 00:41 . 2010-09-23 00:41	542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07	932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-23 08:47 . 2010-09-23 08:47	349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 22:04 . 2010-09-22 22:04	660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-22 23:39 . 2010-09-22 23:39	280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-21 03:07 . 2010-09-21 03:07	338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2010-09-22 22:50 . 2010-09-22 22:50	251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2011-01-14 12:10 . 2011-01-14 12:10	155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10	140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-12-21 04:10 . 2011-08-22 23:48	916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-21 04:10 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-21 04:10 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-21 04:10 . 2011-08-22 23:48	206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-21 04:10 . 2011-08-22 11:56	174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2011-10-15 21:16 . 2011-06-23 18:36	916480 c:\windows\ie8updates\KB2586448-IE8\wininet.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	105984 c:\windows\ie8updates\KB2586448-IE8\url.dll
+ 2011-10-15 21:16 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2586448-IE8\spuninst\updspapi.dll
+ 2011-10-15 21:16 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2586448-IE8\spuninst\spuninst.exe
+ 2011-10-15 21:16 . 2011-06-23 18:36	206848 c:\windows\ie8updates\KB2586448-IE8\occache.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	611840 c:\windows\ie8updates\KB2586448-IE8\mstime.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	602112 c:\windows\ie8updates\KB2586448-IE8\msfeeds.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	247808 c:\windows\ie8updates\KB2586448-IE8\ieproxy.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	184320 c:\windows\ie8updates\KB2586448-IE8\iepeers.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	743424 c:\windows\ie8updates\KB2586448-IE8\iedvtool.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	387584 c:\windows\ie8updates\KB2586448-IE8\iedkcs32.dll
+ 2011-10-15 21:16 . 2011-06-23 12:05	173568 c:\windows\ie8updates\KB2586448-IE8\ie4uinit.exe
+ 2011-08-28 00:09 . 2011-04-25 16:11	916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-28 00:09 . 2009-03-08 08:34	105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-28 00:09 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-28 00:09 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-28 00:09 . 2011-04-25 16:11	206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-28 00:09 . 2011-04-25 12:01	173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-06-16 16:45 . 2009-03-08 08:33	759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-06-16 16:45 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-06-16 16:45 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-06-16 16:48 . 2011-02-22 23:06	916480 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-06-16 16:48 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-06-16 16:48 . 2011-02-22 23:06	206848 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	602112 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	247808 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	184320 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	743424 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	387584 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-06-16 16:48 . 2011-02-18 11:49	173568 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2011-04-28 00:46 . 2010-03-10 06:15	420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-04-28 00:46 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-04-28 00:46 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-04-28 00:46 . 2009-12-09 05:53	726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-04-28 00:54 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-04-28 00:54 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-04-28 00:54 . 2010-12-20 23:59	206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	602112 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-04-28 00:54 . 2010-12-20 12:55	173568 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-02-09 08:01 . 2010-11-06 00:26	916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-09 08:01 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-09 08:01 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-09 08:01 . 2010-11-06 00:26	206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-09 08:01 . 2010-11-03 12:26	173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-12-15 08:05 . 2010-09-10 05:58	916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-15 08:05 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-15 08:05 . 2010-02-22 14:23	231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-15 08:05 . 2010-09-10 05:58	206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-15 08:05 . 2010-08-26 12:22	173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2011-09-29 15:03 . 2011-09-29 15:03	274432 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000002\UsrClass.dat
+ 2011-09-29 15:03 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\9-29-2011\ERDNT.EXE
+ 2011-12-10 04:09 . 2011-12-10 04:09	282624 c:\windows\ERDNT\AutoBackup\12-9-2011\Users\00000002\UsrClass.dat
+ 2011-12-10 04:09 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-9-2011\ERDNT.EXE
+ 2011-12-05 23:36 . 2011-12-05 23:36	282624 c:\windows\ERDNT\AutoBackup\12-5-2011\Users\00000002\UsrClass.dat
+ 2011-12-05 23:36 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-5-2011\ERDNT.EXE
+ 2011-12-30 17:15 . 2011-12-30 17:15	282624 c:\windows\ERDNT\AutoBackup\12-30-2011\Users\00000002\UsrClass.dat
+ 2011-12-30 17:15 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-30-2011\ERDNT.EXE
+ 2011-12-25 03:21 . 2011-12-25 03:21	282624 c:\windows\ERDNT\AutoBackup\12-24-2011\Users\00000002\UsrClass.dat
+ 2011-12-25 03:21 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-24-2011\ERDNT.EXE
+ 2011-12-23 08:24 . 2011-12-23 08:24	282624 c:\windows\ERDNT\AutoBackup\12-23-2011\Users\00000002\UsrClass.dat
+ 2011-12-23 08:24 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-23-2011\ERDNT.EXE
+ 2011-12-22 18:01 . 2011-12-22 18:01	282624 c:\windows\ERDNT\AutoBackup\12-22-2011\Users\00000002\UsrClass.dat
+ 2011-12-22 18:01 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-22-2011\ERDNT.EXE
+ 2011-12-21 08:28 . 2011-12-21 08:28	282624 c:\windows\ERDNT\AutoBackup\12-21-2011\Users\00000002\UsrClass.dat
+ 2011-12-21 08:28 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-21-2011\ERDNT.EXE
+ 2011-12-20 14:40 . 2011-12-20 14:40	282624 c:\windows\ERDNT\AutoBackup\12-20-2011\Users\00000002\UsrClass.dat
+ 2011-12-20 14:40 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-20-2011\ERDNT.EXE
+ 2011-12-14 17:39 . 2011-12-14 17:39	282624 c:\windows\ERDNT\AutoBackup\12-14-2011\Users\00000002\UsrClass.dat
+ 2011-12-14 17:39 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-14-2011\ERDNT.EXE
+ 2011-12-10 15:49 . 2011-12-10 15:49	282624 c:\windows\ERDNT\AutoBackup\12-10-2011\Users\00000002\UsrClass.dat
+ 2011-12-10 15:49 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-10-2011\ERDNT.EXE
+ 2011-12-01 19:25 . 2011-12-01 19:25	282624 c:\windows\ERDNT\AutoBackup\12-1-2011\Users\00000002\UsrClass.dat
+ 2011-12-01 19:25 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\12-1-2011\ERDNT.EXE
+ 2011-11-07 16:51 . 2011-11-07 16:51	278528 c:\windows\ERDNT\AutoBackup\11-7-2011\Users\00000002\UsrClass.dat
+ 2011-11-07 16:51 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-7-2011\ERDNT.EXE
+ 2011-11-06 00:05 . 2011-11-06 00:05	278528 c:\windows\ERDNT\AutoBackup\11-5-2011\Users\00000002\UsrClass.dat
+ 2011-11-06 00:05 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-5-2011\ERDNT.EXE
+ 2011-11-30 17:34 . 2011-11-30 17:34	282624 c:\windows\ERDNT\AutoBackup\11-30-2011\Users\00000002\UsrClass.dat
+ 2011-11-30 17:34 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-30-2011\ERDNT.EXE
+ 2011-11-27 03:39 . 2011-11-27 03:39	282624 c:\windows\ERDNT\AutoBackup\11-26-2011\Users\00000002\UsrClass.dat
+ 2011-11-27 03:39 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-26-2011\ERDNT.EXE
+ 2011-11-25 19:10 . 2011-11-25 19:10	282624 c:\windows\ERDNT\AutoBackup\11-25-2011\Users\00000002\UsrClass.dat
+ 2011-11-25 19:10 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-25-2011\ERDNT.EXE
+ 2011-11-25 02:33 . 2011-11-25 02:33	282624 c:\windows\ERDNT\AutoBackup\11-24-2011\Users\00000002\UsrClass.dat
+ 2011-11-25 02:33 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-24-2011\ERDNT.EXE
+ 2011-11-21 19:21 . 2011-11-21 19:21	282624 c:\windows\ERDNT\AutoBackup\11-21-2011\Users\00000002\UsrClass.dat
+ 2011-11-21 19:21 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-21-2011\ERDNT.EXE
+ 2011-11-19 20:22 . 2011-11-19 20:22	282624 c:\windows\ERDNT\AutoBackup\11-19-2011\Users\00000002\UsrClass.dat
+ 2011-11-19 20:22 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-19-2011\ERDNT.EXE
+ 2011-11-15 07:06 . 2011-11-15 07:06	282624 c:\windows\ERDNT\AutoBackup\11-15-2011\Users\00000002\UsrClass.dat
+ 2011-11-15 07:06 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-15-2011\ERDNT.EXE
+ 2011-11-15 01:20 . 2011-11-15 01:20	282624 c:\windows\ERDNT\AutoBackup\11-14-2011\Users\00000002\UsrClass.dat
+ 2011-11-15 01:20 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\11-14-2011\ERDNT.EXE
+ 2011-10-09 00:29 . 2011-10-09 00:29	274432 c:\windows\ERDNT\AutoBackup\10-8-2011\Users\00000002\UsrClass.dat
+ 2011-10-09 00:29 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\10-8-2011\ERDNT.EXE
+ 2011-10-07 19:56 . 2011-10-07 19:56	274432 c:\windows\ERDNT\AutoBackup\10-7-2011\Users\00000002\UsrClass.dat
+ 2011-10-07 19:56 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\10-7-2011\ERDNT.EXE
+ 2011-10-31 16:42 . 2011-10-31 16:42	278528 c:\windows\ERDNT\AutoBackup\10-31-2011\Users\00000002\UsrClass.dat
+ 2011-10-31 16:42 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\10-31-2011\ERDNT.EXE
+ 2011-10-29 14:17 . 2011-10-29 14:17	278528 c:\windows\ERDNT\AutoBackup\10-29-2011\Users\00000002\UsrClass.dat
+ 2011-10-29 14:17 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\10-29-2011\ERDNT.EXE
+ 2011-10-27 10:24 . 2011-10-27 10:24	278528 c:\windows\ERDNT\AutoBackup\10-27-2011\Users\00000002\UsrClass.dat
+ 2011-10-27 10:24 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\10-27-2011\ERDNT.EXE
+ 2011-10-19 20:09 . 2011-10-19 20:09	278528 c:\windows\ERDNT\AutoBackup\10-19-2011\Users\00000002\UsrClass.dat
+ 2011-10-19 20:09 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\10-19-2011\ERDNT.EXE
+ 2011-10-16 18:16 . 2011-10-16 18:16	274432 c:\windows\ERDNT\AutoBackup\10-16-2011\Users\00000002\UsrClass.dat
+ 2011-10-16 18:16 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\10-16-2011\ERDNT.EXE
+ 2012-01-02 05:14 . 2012-01-02 05:14	282624 c:\windows\ERDNT\AutoBackup\1-1-2012\Users\00000002\UsrClass.dat
+ 2012-01-02 05:14 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-1-2012\ERDNT.EXE
+ 2011-04-03 07:47 . 2011-04-03 07:47	245760 c:\windows\ERDNT\4-3-2011\Users\00000002\UsrClass.dat
+ 2011-04-03 07:47 . 2005-10-20 16:02	163328 c:\windows\ERDNT\4-3-2011\ERDNT.EXE
+ 2011-03-30 04:57 . 2011-03-30 04:57	241664 c:\windows\ERDNT\3-30-2011\Users\00000002\UsrClass.dat
+ 2011-03-30 04:57 . 2005-10-20 16:02	163328 c:\windows\ERDNT\3-30-2011\ERDNT.EXE
+ 2011-03-27 16:58 . 2011-03-27 16:58	241664 c:\windows\ERDNT\3-27-2011\Users\00000002\UsrClass.dat
+ 2011-03-27 16:58 . 2005-10-20 16:02	163328 c:\windows\ERDNT\3-27-2011\ERDNT.EXE
+ 2008-12-04 19:18 . 2011-07-15 13:29	456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-12-05 22:05 . 2011-12-05 22:05	165176 c:\windows\Downloaded Program Files\WebEx\932\wbxreport.exe
+ 2011-12-05 22:05 . 2011-12-05 22:05	163840 c:\windows\Downloaded Program Files\WebEx\932\uilibres.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	217088 c:\windows\Downloaded Program Files\WebEx\932\scwbxui7.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	356352 c:\windows\Downloaded Program Files\WebEx\932\sccustres.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	278528 c:\windows\Downloaded Program Files\WebEx\932\attp.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	744760 c:\windows\Downloaded Program Files\WebEx\932\atsccust.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	221184 c:\windows\Downloaded Program Files\WebEx\932\atres_lite.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	311296 c:\windows\Downloaded Program Files\WebEx\932\atlchat.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	150091 c:\windows\Downloaded Program Files\WebEx\932\atdl2006.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	114764 c:\windows\Downloaded Program Files\WebEx\932\atasuicom.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	101256 c:\windows\Downloaded Program Files\WebEx\932\atasnt40.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	354192 c:\windows\Downloaded Program Files\WebEx\932\atasctrl_lite.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	364544 c:\windows\Downloaded Program Files\WebEx\932\atarm.dll
+ 2011-12-05 22:05 . 2011-12-05 22:05	185224 c:\windows\Downloaded Program Files\atgpcext.dll
+ 2011-12-05 22:06 . 2011-12-05 22:06	324920 c:\windows\Downloaded Program Files\atcliun.exe
+ 2011-08-28 00:21 . 2011-08-28 00:21	321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-10-15 22:08 . 2011-10-15 22:08	321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\c8627df7adb416722d8e0f05c57fef6b\WsatConfig.ni.exe
+ 2011-08-28 00:34 . 2011-08-28 00:34	202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-10-15 22:21 . 2011-10-15 22:21	202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2011-10-15 22:09 . 2011-10-15 22:09	141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\734ab0ea87d7dfd5c583eea535c05878\System.Web.Abstractions.ni.dll
+ 2011-08-28 00:22 . 2011-08-28 00:22	141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
+ 2011-08-28 00:22 . 2011-08-28 00:22	627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
+ 2011-08-28 00:22 . 2011-08-28 00:22	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
+ 2011-08-28 00:20 . 2011-08-28 00:20	381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-10-15 22:07 . 2011-10-15 22:07	381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\20a77c41ee12362d303fb2574fcd5a24\System.IO.Log.ni.dll
+ 2011-08-28 00:20 . 2011-08-28 00:20	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-10-15 22:07 . 2011-10-15 22:07	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
+ 2011-08-28 00:18 . 2011-08-28 00:18	208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-10-15 21:26 . 2011-10-15 21:26	208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33e9b0c368c31ef37a2ec7b5a181044b\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-10-15 22:08 . 2011-10-15 22:08	366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6e45cf503f025c5fe814ea7e52f62a78\SMSvcHost.ni.exe
+ 2011-08-28 00:21 . 2011-08-28 00:21	256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\f2df1ca28301bfe7e1d52b86c8394217\ServiceModelReg.ni.exe
+ 2011-08-28 00:21 . 2011-08-28 00:21	320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-08-28 00:21 . 2011-08-28 00:21	133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-10-15 22:08 . 2011-10-15 22:08	133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\04595f414c49cf2a65b349648ba23e62\MSBuild.ni.exe
+ 2011-10-15 22:08 . 2011-10-15 22:08	386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4cbd7ed9fbf9f1b3cbdf23906cc0f5a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ff6d4892775fd1f9b137f7c92ea453f2\Microsoft.Build.Utilities.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\da112c5757e3c68d6369b6aa46cc9682\Microsoft.Build.Engine.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-07-07 05:35 . 2011-07-07 05:35	220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
+ 2011-08-28 00:20 . 2011-08-28 00:20	410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-10-15 22:08 . 2011-10-15 22:08	410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\4e68d5df30b197ff72c75f1c3c24b949\ComSvcConfig.ni.exe
+ 2011-08-28 00:20 . 2011-08-28 00:20	842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-10-15 22:07 . 2011-10-15 22:07	842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e1bcee92f5af50d560d577c0a99ea3bd\AspNetMMCExt.ni.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-10-04 16:40 . 2010-10-04 16:40	507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-04-14 05:13 . 2011-04-14 05:13	442368 c:\windows\assembly\GAC_32\WicFileFormat-PlatOpt\1.1.7323.4563__b0cfd8589c27b05f\WicFileFormat-PlatOpt.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-04-14 05:14 . 2011-04-14 05:14	262144 c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\2.0.6005.7527__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2011-04-14 05:14 . 2011-04-14 05:14	282624 c:\windows\assembly\GAC_32\EastmanKodakCompany.EasyShare\1.0.2698.25402__e736f44e197b3380\EastmanKodakCompany.EasyShare.dll
+ 2011-11-15 23:17 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2641690$\spuninst\updspapi.dll
+ 2011-11-15 23:17 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2641690$\spuninst\spuninst.exe
+ 2011-11-15 23:17 . 2011-09-09 09:12	599040 c:\windows\$NtUninstallKB2641690$\crypt32.dll
+ 2011-09-16 06:46 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2616676$\spuninst\updspapi.dll
+ 2011-09-16 06:46 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2616676$\spuninst\spuninst.exe
+ 2011-09-16 06:46 . 2011-09-03 10:17	599040 c:\windows\$NtUninstallKB2616676$\crypt32.dll
+ 2011-09-07 14:54 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2607712$\spuninst\updspapi.dll
+ 2011-09-07 14:54 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2607712$\spuninst\spuninst.exe
+ 2011-09-07 14:54 . 2008-04-14 00:11	599040 c:\windows\$NtUninstallKB2607712$\crypt32.dll
+ 2011-10-15 21:17 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2592799$\spuninst\updspapi.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2592799$\spuninst\spuninst.exe
+ 2011-10-15 21:17 . 2011-02-16 13:22	138496 c:\windows\$NtUninstallKB2592799$\afd.sys
+ 2011-09-16 06:41 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2570947$\spuninst\updspapi.dll
+ 2011-09-16 06:41 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2570947$\spuninst\spuninst.exe
+ 2011-08-28 00:16 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2570791$\spuninst\updspapi.dll
+ 2011-08-28 00:16 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2570791$\spuninst\spuninst.exe
+ 2011-08-28 00:13 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2570222$\spuninst\updspapi.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2570222$\spuninst\spuninst.exe
+ 2011-08-28 00:13 . 2008-04-14 00:13	139656 c:\windows\$NtUninstallKB2570222$\rdpwd.sys
+ 2011-08-28 00:14 . 2011-04-26 11:07	293376 c:\windows\$NtUninstallKB2567680$\winsrv.dll
+ 2011-08-28 00:14 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2567680$\spuninst\updspapi.dll
+ 2011-08-28 00:14 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2567680$\spuninst\spuninst.exe
+ 2011-10-15 21:17 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2567053$\spuninst\updspapi.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2567053$\spuninst\spuninst.exe
+ 2011-08-28 00:08 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2566454$\spuninst\updspapi.dll
+ 2011-08-28 00:08 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2566454$\spuninst\spuninst.exe
+ 2011-10-15 21:23 . 2008-07-30 00:59	161296 c:\windows\$NtUninstallKB2564958$\uiautomationcore.dll
+ 2011-10-15 21:23 . 2011-08-12 18:51	382840 c:\windows\$NtUninstallKB2564958$\spuninst\updspapi.dll
+ 2011-10-15 21:23 . 2011-08-12 18:51	231288 c:\windows\$NtUninstallKB2564958$\spuninst\spuninst.exe
+ 2011-10-15 21:23 . 2006-02-28 12:00	163328 c:\windows\$NtUninstallKB2564958$\oleacc.dll
+ 2011-08-28 00:07 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2562937$\spuninst\updspapi.dll
+ 2011-08-28 00:07 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2562937$\spuninst\spuninst.exe
+ 2011-11-15 23:20 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2544893-v2$\spuninst\updspapi.dll
+ 2011-11-15 23:20 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe
+ 2011-11-15 23:20 . 2011-05-02 15:31	692736 c:\windows\$NtUninstallKB2544893-v2$\inetcomm.dll
+ 2011-08-28 00:13 . 2010-07-05 13:16	382840 c:\windows\$NtUninstallKB2536276-v2$\spuninst\updspapi.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	231288 c:\windows\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe
+ 2011-08-28 00:13 . 2011-04-29 16:19	456320 c:\windows\$NtUninstallKB2536276-v2$\mrxsmb.sys
+ 2011-04-01 19:50 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB971029\update\updspapi.dll
+ 2011-04-01 19:50 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB971029\update\update.exe
+ 2011-04-01 19:50 . 2008-07-08 13:02	231288 c:\windows\$hf_mig$\KB971029\spuninst.exe
+ 2009-07-27 22:13 . 2009-07-27 22:13	135168 c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
+ 2011-11-15 23:17 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2641690\update\updspapi.dll
+ 2011-11-15 23:17 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2641690\update\update.exe
+ 2011-11-15 23:17 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2641690\spuninst.exe
+ 2011-09-28 07:05 . 2011-09-28 07:05	599552 c:\windows\$hf_mig$\KB2641690\SP3QFE\crypt32.dll
+ 2011-09-16 06:46 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2616676\update\updspapi.dll
+ 2011-09-16 06:46 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2616676\update\update.exe
+ 2011-09-16 06:46 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2616676\spuninst.exe
+ 2011-09-09 09:11 . 2011-09-09 09:11	599552 c:\windows\$hf_mig$\KB2616676\SP3QFE\crypt32.dll
+ 2011-09-07 14:54 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2607712\update\updspapi.dll
+ 2011-09-07 14:54 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2607712\update\update.exe
+ 2011-09-07 14:54 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2607712\spuninst.exe
+ 2011-09-03 10:16 . 2011-09-03 10:16	599552 c:\windows\$hf_mig$\KB2607712\SP3QFE\crypt32.dll
+ 2011-10-15 21:17 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2592799\update\updspapi.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2592799\update\update.exe
+ 2011-10-15 21:17 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2592799\spuninst.exe
+ 2011-10-13 16:11 . 2011-08-17 13:41	138496 c:\windows\$hf_mig$\KB2592799\SP3QFE\afd.sys
+ 2011-10-15 21:16 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2586448-IE8\update\updspapi.dll
+ 2011-10-15 21:16 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2586448-IE8\update\update.exe
+ 2011-10-15 21:16 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2586448-IE8\spuninst.exe
+ 2011-10-13 16:11 . 2011-08-22 23:47	919552 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	105984 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\url.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	206848 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\occache.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	611840 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mstime.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	602112 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\msfeeds.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	247808 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieproxy.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	184320 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iepeers.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	743424 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedvtool.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	387584 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iedkcs32.dll
+ 2011-10-13 16:11 . 2011-08-22 11:52	174080 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ie4uinit.exe
+ 2011-09-16 06:41 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2570947\update\updspapi.dll
+ 2011-09-16 06:41 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2570947\update\update.exe
+ 2011-09-16 06:41 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2570947\spuninst.exe
+ 2011-08-28 00:13 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2570222\update\updspapi.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2570222\update\update.exe
+ 2011-08-28 00:13 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2570222\spuninst.exe
+ 2011-08-28 00:04 . 2011-06-24 14:09	139656 c:\windows\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys
+ 2011-08-28 00:14 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2567680\update\updspapi.dll
+ 2011-08-28 00:14 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2567680\update\update.exe
+ 2011-08-28 00:14 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2567680\spuninst.exe
+ 2011-06-20 17:43 . 2011-06-20 17:43	293376 c:\windows\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
+ 2011-10-15 21:17 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2567053\update\updspapi.dll
+ 2011-10-15 21:17 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2567053\update\update.exe
+ 2011-10-15 21:17 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2567053\spuninst.exe
+ 2011-08-28 00:08 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2566454\update\updspapi.dll
+ 2011-08-28 00:08 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2566454\update\update.exe
+ 2011-08-28 00:08 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2566454\spuninst.exe
+ 2011-08-28 00:07 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2562937\update\updspapi.dll
+ 2011-08-28 00:07 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2562937\update\update.exe
+ 2011-08-28 00:07 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2562937\spuninst.exe
+ 2011-08-28 00:09 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2559049-IE8\update\updspapi.dll
+ 2011-08-28 00:09 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2559049-IE8\update\update.exe
+ 2011-08-28 00:09 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2559049-IE8\spuninst.exe
+ 2011-08-28 00:04 . 2011-06-23 18:33	919552 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	105984 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	206848 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\occache.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	611840 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mstime.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	602112 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeeds.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	247808 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieproxy.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	184320 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iepeers.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	743424 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedvtool.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	387584 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedkcs32.dll
+ 2011-08-28 00:04 . 2011-06-23 12:19	173568 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ie4uinit.exe
+ 2011-07-19 02:42 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
+ 2011-07-19 02:42 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2555917\update\update.exe
+ 2011-07-19 02:42 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2555917\spuninst.exe
+ 2011-06-16 16:48 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2544893\update\updspapi.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2544893\update\update.exe
+ 2011-06-16 16:48 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2544893\spuninst.exe
+ 2011-06-16 09:58 . 2011-05-02 15:30	692736 c:\windows\$hf_mig$\KB2544893\SP3QFE\inetcomm.dll
+ 2011-11-15 23:20 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2544893-v2\update\updspapi.dll
+ 2011-11-15 23:20 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2544893-v2\update\update.exe
+ 2011-11-15 23:20 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2544893-v2\spuninst.exe
+ 2011-10-10 14:21 . 2011-10-10 14:21	692736 c:\windows\$hf_mig$\KB2544893-v2\SP3QFE\inetcomm.dll
+ 2011-06-16 16:45 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2544521-IE8\update\updspapi.dll
+ 2011-06-16 16:45 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2544521-IE8\update\update.exe
+ 2011-06-16 16:45 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2544521-IE8\spuninst.exe
+ 2011-06-16 09:58 . 2011-04-30 02:59	758784 c:\windows\$hf_mig$\KB2544521-IE8\SP3QFE\vgx.dll
+ 2011-07-07 04:26 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2541763\update\updspapi.dll
+ 2011-07-07 04:26 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2541763\update\update.exe
+ 2011-07-07 04:26 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2541763\spuninst.exe
+ 2011-04-29 17:23 . 2011-04-29 17:23	151552 c:\windows\$hf_mig$\KB2541763\SP3QFE\schannel.dll
+ 2011-06-16 16:48 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2536276\update\updspapi.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2536276\update\update.exe
+ 2011-06-16 16:48 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2536276\spuninst.exe
+ 2011-06-16 09:59 . 2011-04-29 16:47	457856 c:\windows\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
+ 2011-08-28 00:13 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2536276-v2\update\updspapi.dll
+ 2011-08-28 00:13 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2536276-v2\update\update.exe
+ 2011-08-28 00:13 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2536276-v2\spuninst.exe
+ 2011-08-28 00:05 . 2011-07-15 13:29	457856 c:\windows\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
+ 2011-06-16 16:51 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2535512\update\updspapi.dll
+ 2011-06-16 16:51 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2535512\update\update.exe
+ 2011-06-16 16:51 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2535512\spuninst.exe
+ 2011-06-16 09:59 . 2011-04-21 13:52	105472 c:\windows\$hf_mig$\KB2535512\SP3QFE\mup.sys
+ 2011-06-16 16:48 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2530548-IE8\update\updspapi.dll
+ 2011-06-16 16:48 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2530548-IE8\update\update.exe
+ 2011-06-16 16:48 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2530548-IE8\spuninst.exe
+ 2011-06-16 09:59 . 2011-04-25 16:09	919552 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	206848 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\occache.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	611840 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mstime.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	602112 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\msfeeds.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	247808 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieproxy.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	184320 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iepeers.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	743424 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedvtool.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	387584 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iedkcs32.dll
+ 2011-06-16 09:59 . 2011-04-25 11:37	173568 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ie4uinit.exe
+ 2011-03-30 19:27 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2524375\update\updspapi.dll
+ 2011-03-30 19:27 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2524375\update\update.exe
+ 2011-03-30 19:27 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2524375\spuninst.exe
+ 2011-04-28 00:48 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2511455\update\updspapi.dll
+ 2011-04-28 00:48 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2511455\update\update.exe
+ 2011-04-28 00:48 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2511455\spuninst.exe
+ 2011-04-20 18:57 . 2011-02-17 13:19	457472 c:\windows\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys
+ 2011-04-28 00:46 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2510531-IE8\update\updspapi.dll
+ 2011-04-28 00:46 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2510531-IE8\update\update.exe
+ 2011-04-28 00:46 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2510531-IE8\spuninst.exe
+ 2011-04-20 18:57 . 2011-03-04 06:35	420864 c:\windows\$hf_mig$\KB2510531-IE8\SP3QFE\vbscript.dll
+ 2011-04-20 18:57 . 2011-03-04 06:35	726528 c:\windows\$hf_mig$\KB2510531-IE8\SP3QFE\jscript.dll
+ 2011-04-28 00:47 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2509553\update\updspapi.dll
+ 2011-04-28 00:47 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2509553\update\update.exe
+ 2011-04-28 00:47 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2509553\spuninst.exe
+ 2008-06-20 11:16 . 2008-06-20 11:16	225856 c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip6.sys
+ 2008-06-20 11:59 . 2008-06-20 11:59	361600 c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
+ 2008-06-20 17:43 . 2008-06-20 17:43	245248 c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
+ 2011-03-03 06:53 . 2011-03-03 06:53	149504 c:\windows\$hf_mig$\KB2509553\SP3QFE\dnsapi.dll
+ 2008-10-16 15:07 . 2008-10-16 15:07	138496 c:\windows\$hf_mig$\KB2509553\SP3QFE\afd.sys
+ 2011-04-28 00:49 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2508429\update\updspapi.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2508429\update\update.exe
+ 2011-04-28 00:49 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2508429\spuninst.exe
+ 2011-02-17 13:19 . 2011-02-17 13:19	357888 c:\windows\$hf_mig$\KB2508429\SP3QFE\srv.sys
+ 2011-04-28 00:50 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2508272\update\updspapi.dll
+ 2011-04-28 00:50 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2508272\update\update.exe
+ 2011-04-28 00:50 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2508272\spuninst.exe
+ 2011-07-19 02:47 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
+ 2011-07-19 02:47 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2507938\update\update.exe
+ 2011-07-19 02:47 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2507938\spuninst.exe
+ 2011-04-26 11:02 . 2011-04-26 11:02	293376 c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
+ 2011-04-28 00:49 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2507618\update\updspapi.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2507618\update\update.exe
+ 2011-04-28 00:49 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2507618\spuninst.exe
+ 2011-02-15 13:05 . 2011-02-15 13:05	290432 c:\windows\$hf_mig$\KB2507618\SP3QFE\atmfd.dll
+ 2011-04-28 00:54 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2506223\update\updspapi.dll
+ 2011-04-28 00:54 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2506223\update\update.exe
+ 2011-04-28 00:54 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2506223\spuninst.exe
+ 2011-04-28 00:47 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2506212\update\updspapi.dll
+ 2011-04-28 00:47 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2506212\update\update.exe
+ 2011-04-28 00:47 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2506212\spuninst.exe
+ 2011-02-08 13:32 . 2011-02-08 13:32	974848 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42u.dll
+ 2011-02-08 13:32 . 2011-02-08 13:32	978944 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42.dll
+ 2011-06-16 16:53 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2503665\update\updspapi.dll
+ 2011-06-16 16:53 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2503665\update\update.exe
+ 2011-06-16 16:53 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2503665\spuninst.exe
+ 2011-06-16 10:00 . 2011-02-16 13:25	138496 c:\windows\$hf_mig$\KB2503665\SP3QFE\afd.sys
+ 2011-04-28 00:49 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2503658\update\updspapi.dll
+ 2011-04-28 00:49 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2503658\update\update.exe
+ 2011-04-28 00:49 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2503658\spuninst.exe
+ 2011-03-07 05:31 . 2011-03-07 05:31	692736 c:\windows\$hf_mig$\KB2503658\SP3QFE\inetcomm.dll
+ 2011-04-28 00:54 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2497640-IE8\update\updspapi.dll
+ 2011-04-28 00:54 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2497640-IE8\update\update.exe
+ 2011-04-28 00:54 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2497640-IE8\spuninst.exe
+ 2011-04-20 18:58 . 2011-02-22 23:27	919552 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	206848 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\occache.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	611840 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mstime.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	602112 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\msfeeds.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	247808 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ieproxy.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	184320 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iepeers.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	743424 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iedvtool.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	387584 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iedkcs32.dll
+ 2011-04-20 18:58 . 2011-02-22 12:08	173568 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ie4uinit.exe
+ 2011-04-28 00:55 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2485663\update\updspapi.dll
+ 2011-04-28 00:55 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2485663\update\update.exe
+ 2011-04-28 00:55 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2485663\spuninst.exe
+ 2011-02-09 08:05 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-09 08:05 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-09 08:05 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09	290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-09 08:04 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-09 08:04 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-09 08:04 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42	439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-09 08:01 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-09 08:01 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-09 08:01 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-09 01:57 . 2010-12-20 23:58	919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-09 01:57 . 2010-12-20 12:48	173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-03-11 04:49 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll
+ 2011-03-11 04:49 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2481109\update\update.exe
+ 2011-03-11 04:49 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2481109\spuninst.exe
+ 2011-01-27 11:41 . 2011-01-27 11:41	677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
+ 2011-02-02 07:57 . 2011-02-02 07:57	136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll
+ 2011-03-11 04:51 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
+ 2011-03-11 04:51 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2011-03-11 04:51 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-02-09 13:52 . 2011-02-09 13:52	270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
+ 2011-02-09 13:52 . 2011-02-09 13:52	186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
+ 2011-02-09 08:04 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-09 08:04 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-09 08:04 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-09 08:07 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-09 08:07 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-09 08:07 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32	301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-09 08:00 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-09 08:00 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24	730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-09 08:00 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-09 08:00 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-06-16 16:54 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2476490\update\updspapi.dll
+ 2011-06-16 16:54 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2476490\update\update.exe
+ 2011-06-16 16:54 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2476490\spuninst.exe
+ 2010-12-20 17:30 . 2010-12-20 17:30	552448 c:\windows\$hf_mig$\KB2476490\SP3QFE\oleaut32.dll
+ 2010-12-15 08:04 . 2010-02-22 14:23	382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2010-12-15 08:04 . 2010-02-22 14:23	755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2010-12-15 08:04 . 2010-02-22 14:23	231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2010-12-15 08:05 . 2010-02-22 14:23	382840 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll
+ 2010-12-15 08:05 . 2010-02-22 14:23	755576 c:\windows\$hf_mig$\KB2443105\update\update.exe
+ 2010-12-15 08:05 . 2010-02-22 14:23	231288 c:\windows\$hf_mig$\KB2443105\spuninst.exe
+ 2010-12-15 08:04 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB2440591\update\updspapi.dll
+ 2010-12-15 08:04 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB2440591\update\update.exe
+ 2010-12-15 08:04 . 2009-05-26 11:40	231288 c:\windows\$hf_mig$\KB2440591\spuninst.exe
+ 2010-12-15 08:04 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB2436673\update\updspapi.dll
+ 2010-12-15 08:04 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB2436673\update\update.exe
+ 2010-12-15 08:04 . 2009-05-26 11:40	231288 c:\windows\$hf_mig$\KB2436673\spuninst.exe
+ 2010-12-15 08:00 . 2010-02-22 14:23	382840 c:\windows\$hf_mig$\KB2423089\update\updspapi.dll
+ 2010-12-15 08:00 . 2010-02-22 14:23	755576 c:\windows\$hf_mig$\KB2423089\update\update.exe
+ 2010-12-15 08:00 . 2010-02-22 14:23	231288 c:\windows\$hf_mig$\KB2423089\spuninst.exe
+ 2011-01-12 08:00 . 2010-02-22 14:23	382840 c:\windows\$hf_mig$\KB2419632\update\updspapi.dll
+ 2011-01-12 08:00 . 2010-02-22 14:23	755576 c:\windows\$hf_mig$\KB2419632\update\update.exe
+ 2011-01-12 08:00 . 2010-02-22 14:23	231288 c:\windows\$hf_mig$\KB2419632\spuninst.exe
+ 2010-11-09 14:50 . 2010-11-09 14:50	253952 c:\windows\$hf_mig$\KB2419632\SP3QFE\odbc32.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	102400 c:\windows\$hf_mig$\KB2419632\SP3QFE\msjro.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	200704 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadox.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	180224 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadomd.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	565248 c:\windows\$hf_mig$\KB2419632\SP3QFE\msado15.dll
+ 2010-11-09 14:50 . 2010-11-09 14:50	143360 c:\windows\$hf_mig$\KB2419632\SP3QFE\msadco.dll
+ 2010-12-15 08:05 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2416400-IE8\update\updspapi.dll
+ 2010-12-15 08:05 . 2010-02-22 14:23	755576 c:\windows\$hf_mig$\KB2416400-IE8\update\update.exe
+ 2010-12-15 08:05 . 2010-02-22 14:23	231288 c:\windows\$hf_mig$\KB2416400-IE8\spuninst.exe
+ 2010-12-15 07:31 . 2010-11-06 00:27	919552 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	206848 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\occache.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	611840 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mstime.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	602112 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\msfeeds.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	247808 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieproxy.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	184320 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iepeers.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	743424 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedvtool.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	387584 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iedkcs32.dll
+ 2010-12-15 07:31 . 2010-11-03 12:01	173568 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ie4uinit.exe
+ 2011-02-09 08:00 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-09 08:00 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-09 08:00 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-09 01:57 . 2010-12-09 15:15	718336 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
+ 2010-12-15 08:05 . 2009-05-26 11:40	382840 c:\windows\$hf_mig$\KB2296199\update\updspapi.dll
+ 2010-12-15 08:05 . 2009-05-26 11:40	755576 c:\windows\$hf_mig$\KB2296199\update\update.exe
+ 2010-12-15 08:05 . 2009-05-26 11:40	231288 c:\windows\$hf_mig$\KB2296199\spuninst.exe
+ 2010-10-28 13:08 . 2010-10-28 13:08	290048 c:\windows\$hf_mig$\KB2296199\SP3QFE\atmfd.dll
+ 2011-04-20 18:58 . 2010-10-23 00:51	1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51	3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	1159488 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_b256a1bb\mfc90u.dll
+ 2009-07-12 03:51 . 2009-07-12 03:51	1153352 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.218_x-ww_b256a1bb\mfc90.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04	1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 01:04 . 2011-05-14 01:04	1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2011-04-14 05:12 . 2011-04-14 05:12	1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2009-08-20 02:51 . 2009-08-20 02:51	1478656 c:\windows\twain_32\BrSc09c\Common\BrTwdScn.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	1212416 c:\windows\system32\urlmon.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	1884160 c:\windows\system32\spool\drivers\w32x86\brothermfc_j615w89be\briu10b.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	1710080 c:\windows\system32\spool\drivers\w32x86\brothermfc_j615w89be\brio10b.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	1884160 c:\windows\system32\spool\drivers\w32x86\3\briu10b.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	1710080 c:\windows\system32\spool\drivers\w32x86\3\brio10b.dll
- 2006-02-28 12:00 . 2010-07-27 06:30	8462336 c:\windows\system32\shell32.dll
+ 2006-02-28 12:00 . 2011-01-21 14:44	8462336 c:\windows\system32\shell32.dll
+ 2011-12-22 21:25 . 2005-09-21 19:23	9710592 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPL.EXE
+ 2011-12-22 21:25 . 2005-09-23 22:56	3966976 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RtkHDAud.sys
+ 2011-12-22 21:25 . 2005-09-07 14:40	2142208 c:\windows\system32\ReinstallBackups\0006\DriverFiles\MicCal.exe
+ 2011-12-22 21:26 . 2005-09-21 19:32	2807808 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCWZRD.EXE
+ 2008-07-24 02:28 . 2011-02-02 07:58	2067456 c:\windows\system32\mstscax.dll
+ 2006-02-28 12:00 . 2011-11-04 19:20	5978112 c:\windows\system32\mshtml.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	4422992 c:\windows\system32\mfc100u.dll
+ 2011-06-11 06:58 . 2011-06-11 06:58	4397384 c:\windows\system32\mfc100.dll
+ 2010-01-27 01:07 . 2011-11-15 01:21	8527008 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	2319776 c:\windows\system32\ltwvcu.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	1549728 c:\windows\system32\ltwvca.dll
+ 2011-01-03 17:50 . 2010-10-11 21:39	2315680 c:\windows\system32\ltwvc2u.dll
+ 2010-07-10 00:22 . 2009-03-11 17:28	1009664 c:\windows\system32\Ltwvc13n.dll
- 2010-07-10 00:22 . 2009-03-11 16:28	1009664 c:\windows\system32\Ltwvc13n.dll
+ 2007-08-13 22:34 . 2011-11-04 19:20	2000384 c:\windows\system32\iertutil.dll
+ 2011-04-14 05:16 . 2007-06-06 13:57	2363392 c:\windows\system32\DRVSTORE\kpd_116B8E56BDDDF953EAB6D8D8F5CDA37DE77C0E1A\xerces-c_2_7.dll
+ 2011-02-23 00:17 . 2010-01-08 04:43	1062712 c:\windows\system32\DRVSTORE\brpri10b_6EDA772B2903AB2A7EC33EFF6A4672C19A7255E8\brio10b.dll
+ 2011-02-23 00:17 . 2009-08-18 10:40	1602741 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\x86\BrWia09c.dll
+ 2011-02-23 00:17 . 2010-01-12 02:01	1604430 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\x86\BrWi209c.dll
+ 2011-02-23 00:17 . 2009-08-20 02:51	1288808 c:\windows\system32\DRVSTORE\brimi10b_A6F5BA730EF2AAEF9680B801195A77800797E1CA\BrTwdScn.dll
+ 2005-09-23 22:56 . 2006-11-16 04:34	4225920 c:\windows\system32\drivers\RtkHDAud.Sys
+ 2008-11-08 15:36 . 2011-11-23 13:25	1859584 c:\windows\system32\dllcache\win32k.sys
+ 2006-02-28 12:00 . 2011-11-04 19:20	1212416 c:\windows\system32\dllcache\urlmon.dll
- 2008-06-17 19:02 . 2010-07-27 06:30	8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44	8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07	1288704 c:\windows\system32\dllcache\ole32.dll
+ 2008-11-08 15:36 . 2011-10-25 13:33	2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2004-08-03 22:59 . 2011-10-25 12:52	2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-11-08 15:36 . 2011-10-25 12:52	2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-02-28 12:00 . 2011-10-25 13:37	2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-02-28 12:00 . 2011-11-04 19:20	5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2008-07-24 02:28 . 2011-02-02 07:58	2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2008-07-24 04:59 . 2011-11-04 19:20	2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-18 10:40 . 2009-08-18 10:40	1535488 c:\windows\system32\BrWia09c.dll
+ 2005-09-21 20:29 . 2006-11-14 03:07	1183744 c:\windows\RtlUpd.exe
+ 2005-09-21 19:23 . 2006-05-05 06:35	9709568 c:\windows\RTLCPL.exe
+ 2011-03-25 11:15 . 2011-03-25 11:15	5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2008-07-25 16:17 . 2008-07-25 16:17	5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2010-03-23 09:32 . 2010-03-23 09:32	3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-04-29 02:50 . 2011-04-29 02:50	3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18	5912400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2010-05-11 10:40 . 2010-05-11 10:40	4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-07-07 10:18 . 2011-07-07 10:18	4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-07 14:40 . 2006-10-12 07:42	2157568 c:\windows\MicCal.exe
+ 2011-01-19 04:36 . 2011-01-19 04:36	2687488 c:\windows\Installer\f767c67.msp
+ 2011-09-07 23:36 . 2011-09-07 23:36	6069248 c:\windows\Installer\df9c9.msp
+ 2011-11-03 19:31 . 2011-11-03 19:31	5525504 c:\windows\Installer\babef.msp
+ 2010-10-22 20:45 . 2010-10-22 20:45	8444928 c:\windows\Installer\b89d6ef.msp
+ 2010-12-06 20:02 . 2010-12-06 20:02	5518848 c:\windows\Installer\b89d6bc.msp
+ 2010-10-02 02:53 . 2010-10-02 02:53	4147712 c:\windows\Installer\b89d6a5.msp
+ 2011-02-22 15:32 . 2011-02-22 15:32	5520384 c:\windows\Installer\b4687ec.msp
+ 2011-05-02 05:06 . 2011-05-02 05:06	2705920 c:\windows\Installer\a09c2.msp
+ 2011-07-26 18:50 . 2011-07-26 18:50	5522432 c:\windows\Installer\a09b9.msp
+ 2011-09-06 22:57 . 2011-09-06 22:57	1025024 c:\windows\Installer\6ae1a82.msi
+ 2011-04-29 17:28 . 2011-04-29 17:28	1995264 c:\windows\Installer\65584aba.msp
+ 2011-04-28 00:51 . 2011-04-28 00:51	6825472 c:\windows\Installer\65584aa8.msp
+ 2011-05-20 22:31 . 2011-05-20 22:31	5518848 c:\windows\Installer\65584a91.msp
+ 2011-05-17 23:28 . 2011-05-17 23:28	6862848 c:\windows\Installer\65584a7a.msp
+ 2011-04-29 17:33 . 2011-04-29 17:33	8173568 c:\windows\Installer\65584a63.msp
+ 2011-04-29 18:04 . 2011-04-29 18:04	5053440 c:\windows\Installer\65584a59.msp
+ 2011-04-29 17:30 . 2011-04-29 17:30	1197056 c:\windows\Installer\65584a30.msp
+ 2011-08-10 22:43 . 2011-08-10 22:43	3795968 c:\windows\Installer\64e524b.msp
+ 2011-07-26 13:17 . 2011-07-26 13:17	6824960 c:\windows\Installer\64e522a.msp
+ 2011-08-16 17:35 . 2011-08-16 17:35	5519872 c:\windows\Installer\64e5213.msp
+ 2011-07-21 17:34 . 2011-07-21 17:34	3456000 c:\windows\Installer\64e51fd.msp
+ 2011-09-07 02:48 . 2011-09-07 02:48	8181248 c:\windows\Installer\64e51f0.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39	9892352 c:\windows\Installer\64e51e6.msp
+ 2011-01-27 18:49 . 2011-01-27 18:49	6825472 c:\windows\Installer\62497826.msp
+ 2011-04-05 16:52 . 2011-04-05 16:52	5519872 c:\windows\Installer\624977f8.msp
+ 2010-11-21 03:34 . 2010-11-21 03:34	1198080 c:\windows\Installer\624977d4.msp
+ 2011-03-18 00:01 . 2011-03-18 00:01	9563648 c:\windows\Installer\624977ca.msp
+ 2011-03-03 15:25 . 2011-03-03 15:25	5051904 c:\windows\Installer\624977c0.msp
+ 2011-01-11 21:50 . 2011-01-11 21:50	8177152 c:\windows\Installer\624977a9.msp
+ 2011-05-23 19:15 . 2011-05-23 19:15	3617792 c:\windows\Installer\34a4ce08.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34	2531840 c:\windows\Installer\2fabd.msp
+ 2011-12-13 07:10 . 2011-12-13 07:10	4703232 c:\windows\Installer\2fab4.msp
+ 2011-11-01 19:34 . 2011-11-01 19:34	1552384 c:\windows\Installer\2e0c17f.msp
+ 2011-10-30 05:10 . 2011-10-30 05:10	6824960 c:\windows\Installer\2e0c175.msp
+ 2011-10-31 18:37 . 2011-10-31 18:37	4146688 c:\windows\Installer\2e0c15e.msp
+ 2011-11-17 16:55 . 2011-11-17 16:55	5522944 c:\windows\Installer\2e0c146.msp
+ 2011-10-16 02:42 . 2011-10-16 02:42	1527808 c:\windows\Installer\24858999.msi
+ 2011-09-20 20:36 . 2011-09-20 20:36	5521408 c:\windows\Installer\235a8d9c.msp
+ 2011-06-29 02:27 . 2011-06-29 02:27	4028928 c:\windows\Installer\212ded.msp
+ 2011-04-14 05:16 . 2011-04-14 05:16	1515008 c:\windows\Installer\1b212fd2.msi
+ 2011-04-14 05:14 . 2011-04-14 05:14	2035200 c:\windows\Installer\1b212fca.msi
+ 2011-04-14 05:13 . 2011-04-14 05:13	1100288 c:\windows\Installer\1b212f57.msi
+ 2011-04-14 04:55 . 2011-04-14 04:55	6465536 c:\windows\Installer\1b11643c.msi
+ 2011-10-04 20:41 . 2011-10-04 20:41	1317376 c:\windows\Installer\1b0af846.msi
+ 2011-01-17 21:06 . 2011-01-17 21:06	5518848 c:\windows\Installer\171b66fa.msp
+ 2011-11-17 16:55 . 2011-11-17 16:55	5522944 c:\windows\Installer\1657c719.msp
+ 2011-11-11 22:16 . 2011-11-11 22:16	8458240 c:\windows\Installer\1657c717.msp
+ 2011-11-19 04:14 . 2011-11-19 04:14	1435136 c:\windows\Installer\107c1596.msi
+ 2007-04-19 18:09 . 2007-04-19 18:09	1061720 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL
+ 2010-09-22 22:05 . 2010-09-22 22:05	2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-06-19 21:51 . 2010-06-19 21:51	5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2011-01-14 12:10 . 2011-01-14 12:10	2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10	2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10	3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2011-07-27 09:44 . 2011-07-27 09:44	1791824 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PPCNV.DLL
+ 2011-12-21 04:10 . 2011-08-22 23:48	1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-21 04:10 . 2011-10-03 08:35	5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-21 04:10 . 2011-08-22 23:48	2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	1212416 c:\windows\ie8updates\KB2586448-IE8\urlmon.dll
+ 2011-10-15 21:16 . 2011-07-25 15:17	5969920 c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	1991680 c:\windows\ie8updates\KB2586448-IE8\iertutil.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-28 00:09 . 2011-05-30 22:19	5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-28 00:09 . 2011-04-25 16:11	1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	1210880 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	5962240 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	1991680 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	1210880 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	5961216 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-04-28 00:54 . 2010-12-20 23:59	1991680 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2008-11-08 15:36 . 2011-10-25 13:33	2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-11-08 15:36 . 2011-10-25 12:52	2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-11-08 15:36 . 2011-10-25 12:52	2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-11-08 15:36 . 2011-10-25 13:37	2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-08-28 00:17 . 2011-08-28 00:17	3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-10-15 21:24 . 2011-10-15 21:24	3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
+ 2011-08-28 00:16 . 2011-08-28 00:16	7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-10-15 21:24 . 2011-10-15 21:24	7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
+ 2011-10-15 21:26 . 2011-10-15 21:26	5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
+ 2011-08-28 00:18 . 2011-08-28 00:18	5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-28 00:34 . 2011-08-28 00:34	1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-10-15 22:21 . 2011-10-15 22:21	1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll
+ 2011-10-15 22:21 . 2011-10-15 22:21	2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f5dac0448a1dbe2687a5df92904d6274\System.Web.Mobile.ni.dll
+ 2011-08-28 00:34 . 2011-08-28 00:34	2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-10-15 22:21 . 2011-10-15 22:21	2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\ccaf6bdd256a9b5079fedadcc8993327\System.Web.Extensions.ni.dll
+ 2011-08-28 00:33 . 2011-08-28 00:33	2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-08-28 00:20 . 2011-08-28 00:20	2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
+ 2011-10-15 22:07 . 2011-10-15 22:07	1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll
+ 2011-08-28 00:20 . 2011-08-28 00:20	1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-10-15 21:26 . 2011-10-15 21:26	1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
+ 2011-08-28 00:18 . 2011-08-28 00:18	1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-10-15 21:25 . 2011-10-15 21:25	6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
+ 2011-08-28 00:18 . 2011-08-28 00:18	6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\ef748704f543a8791e23387652d34dfb\System.Data.SqlXml.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-28 00:22 . 2011-08-28 00:22	2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-10-15 22:09 . 2011-10-15 22:09	2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\ce1ecd602ca089eb13a9b428dc7f0449\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\50e7c5eb58c982dba7b21cd10a69b095\Microsoft.Build.Tasks.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\eea7bcc8d356e3f2dcb4f36dfc1c6bc0\Microsoft.Build.Engine.ni.dll
+ 2011-08-28 00:21 . 2011-08-28 00:21	1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-04 16:40 . 2010-10-04 16:40	5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-10-04 16:40 . 2010-10-04 16:40	5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-10-04 16:41 . 2010-10-04 16:41	4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-15 21:22 . 2011-10-15 21:22	4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-09-21 19:32 . 2006-05-05 06:26	2808832 c:\windows\alcwzrd.exe
+ 2011-10-15 21:17 . 2011-06-02 14:02	1858944 c:\windows\$NtUninstallKB2567053$\win32k.sys
+ 2009-07-27 22:13 . 2009-07-27 22:13	8462848 c:\windows\$hf_mig$\KB971029\SP3QFE\shell32.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	1214464 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\urlmon.dll
+ 2011-10-13 16:11 . 2011-10-03 08:34	5972992 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	2001408 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\iertutil.dll
+ 2011-09-06 13:25 . 2011-09-06 13:25	1867904 c:\windows\$hf_mig$\KB2567053\SP3QFE\win32k.sys
+ 2011-08-28 00:04 . 2011-06-23 18:33	1214464 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
+ 2011-08-28 00:04 . 2011-07-25 15:15	5971456 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
+ 2011-08-28 00:04 . 2011-06-23 18:33	1992192 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll
+ 2011-06-02 14:07 . 2011-06-02 14:07	1867904 c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
+ 2011-06-16 09:59 . 2011-04-25 16:09	1213952 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\urlmon.dll
+ 2011-06-16 09:59 . 2011-05-30 22:17	5967360 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	1992192 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\iertutil.dll
+ 2011-03-03 13:27 . 2011-03-03 13:27	1866880 c:\windows\$hf_mig$\KB2506223\SP3QFE\win32k.sys
+ 2011-04-20 18:58 . 2011-02-22 23:27	1212928 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\urlmon.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	5964800 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
+ 2011-04-20 18:58 . 2011-02-22 23:27	1992192 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\iertutil.dll
+ 2011-01-21 14:42 . 2011-01-21 14:42	8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57	2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
+ 2010-12-31 13:14 . 2010-12-31 13:14	1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2010-10-26 13:27 . 2010-10-26 13:27	1862272 c:\windows\$hf_mig$\KB2436673\SP3QFE\win32k.sys
+ 2010-12-15 07:31 . 2010-11-06 00:27	1211904 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\urlmon.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	5960704 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
+ 2010-12-15 07:31 . 2010-11-06 00:27	1992192 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\iertutil.dll
+ 2011-02-09 01:57 . 2010-12-09 13:43	2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-09 01:57 . 2010-12-09 13:09	2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 23:39 . 2010-12-09 23:39	2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-09 01:57 . 2010-12-09 13:47	2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2011-12-22 21:25 . 2005-09-22 17:36	14854144 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTHDCPL.EXE
+ 2008-07-24 05:00 . 2011-12-21 04:05	52988224 c:\windows\system32\MRT.exe
+ 2007-08-13 22:54 . 2011-11-04 19:20	11081728 c:\windows\system32\ieframe.dll
+ 2008-07-24 04:59 . 2011-11-04 19:20	11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2005-09-22 17:36 . 2006-11-15 07:21	16270848 c:\windows\RTHDCPL.exe
+ 2011-03-28 08:27 . 2011-03-28 08:27	15456256 c:\windows\Installer\f767c75.msp
+ 2011-07-26 21:33 . 2011-07-26 21:33	10984448 c:\windows\Installer\64e5241.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39	19798016 c:\windows\Installer\63ab6.msp
+ 2011-02-24 13:38 . 2011-02-24 13:38	10984448 c:\windows\Installer\6249780f.msp
+ 2011-02-12 00:47 . 2011-02-12 00:47	12028928 c:\windows\Installer\624977e1.msp
+ 2011-07-12 01:43 . 2011-07-12 01:43	11641344 c:\windows\Installer\235a8da8.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37	38176256 c:\windows\Installer\2183a2.msp
+ 2011-04-14 05:12 . 2011-04-14 05:12	26428928 c:\windows\Installer\1b212f4f.msi
+ 2011-01-31 10:45 . 2011-01-31 10:45	11135488 c:\windows\Installer\1144de.msp
+ 2010-09-23 07:03 . 2010-09-23 07:03	20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
+ 2011-08-30 13:40 . 2011-08-30 13:40	15145832 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\XL12CNV.EXE
+ 2011-12-21 04:10 . 2011-08-23 22:48	11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
+ 2011-10-15 21:16 . 2011-06-23 18:36	11081728 c:\windows\ie8updates\KB2586448-IE8\ieframe.dll
+ 2011-08-28 00:09 . 2011-04-26 15:11	11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-06-16 16:48 . 2011-02-22 23:06	11080704 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
+ 2011-04-28 00:54 . 2010-12-21 10:29	11080704 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
+ 2011-02-09 08:01 . 2010-11-06 00:26	11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2010-12-15 08:05 . 2010-09-10 05:58	11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
+ 2011-09-29 15:03 . 2011-09-29 15:03	11608064 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000001\ntuser.dat
+ 2011-12-10 04:09 . 2011-12-10 04:09	11763712 c:\windows\ERDNT\AutoBackup\12-9-2011\Users\00000001\ntuser.dat
+ 2011-12-05 23:36 . 2011-12-05 23:36	11743232 c:\windows\ERDNT\AutoBackup\12-5-2011\Users\00000001\ntuser.dat
+ 2011-12-30 17:15 . 2011-12-30 17:15	11788288 c:\windows\ERDNT\AutoBackup\12-30-2011\Users\00000001\ntuser.dat
+ 2011-12-25 03:21 . 2011-12-25 03:21	11788288 c:\windows\ERDNT\AutoBackup\12-24-2011\Users\00000001\ntuser.dat
+ 2011-12-23 08:24 . 2011-12-23 08:24	11788288 c:\windows\ERDNT\AutoBackup\12-23-2011\Users\00000001\ntuser.dat
+ 2011-12-22 18:01 . 2011-12-22 18:01	11788288 c:\windows\ERDNT\AutoBackup\12-22-2011\Users\00000001\ntuser.dat
+ 2011-12-21 08:28 . 2011-12-21 08:28	11788288 c:\windows\ERDNT\AutoBackup\12-21-2011\Users\00000001\ntuser.dat
+ 2011-12-20 14:40 . 2011-12-20 14:40	11788288 c:\windows\ERDNT\AutoBackup\12-20-2011\Users\00000001\ntuser.dat
+ 2011-12-14 17:39 . 2011-12-14 17:39	11771904 c:\windows\ERDNT\AutoBackup\12-14-2011\Users\00000001\ntuser.dat
+ 2011-12-10 15:49 . 2011-12-10 15:49	11763712 c:\windows\ERDNT\AutoBackup\12-10-2011\Users\00000001\ntuser.dat
+ 2011-12-01 19:25 . 2011-12-01 19:25	11743232 c:\windows\ERDNT\AutoBackup\12-1-2011\Users\00000001\ntuser.dat
+ 2011-11-07 16:51 . 2011-11-07 16:51	11694080 c:\windows\ERDNT\AutoBackup\11-7-2011\Users\00000001\ntuser.dat
+ 2011-11-06 00:05 . 2011-11-06 00:05	11694080 c:\windows\ERDNT\AutoBackup\11-5-2011\Users\00000001\ntuser.dat
+ 2011-11-30 17:34 . 2011-11-30 17:34	11735040 c:\windows\ERDNT\AutoBackup\11-30-2011\Users\00000001\ntuser.dat
+ 2011-11-27 03:39 . 2011-11-27 03:39	11735040 c:\windows\ERDNT\AutoBackup\11-26-2011\Users\00000001\ntuser.dat
+ 2011-11-25 19:10 . 2011-11-25 19:10	11743232 c:\windows\ERDNT\AutoBackup\11-25-2011\Users\00000001\ntuser.dat
+ 2011-11-25 02:33 . 2011-11-25 02:33	11739136 c:\windows\ERDNT\AutoBackup\11-24-2011\Users\00000001\ntuser.dat
+ 2011-11-21 19:21 . 2011-11-21 19:21	11735040 c:\windows\ERDNT\AutoBackup\11-21-2011\Users\00000001\ntuser.dat
+ 2011-11-19 20:22 . 2011-11-19 20:22	11730944 c:\windows\ERDNT\AutoBackup\11-19-2011\Users\00000001\ntuser.dat
+ 2011-11-15 07:06 . 2011-11-15 07:06	11714560 c:\windows\ERDNT\AutoBackup\11-15-2011\Users\00000001\ntuser.dat
+ 2011-11-15 01:20 . 2011-11-15 01:20	11714560 c:\windows\ERDNT\AutoBackup\11-14-2011\Users\00000001\ntuser.dat
+ 2011-10-09 00:29 . 2011-10-09 00:29	11620352 c:\windows\ERDNT\AutoBackup\10-8-2011\Users\00000001\ntuser.dat
+ 2011-10-07 19:56 . 2011-10-07 19:56	11616256 c:\windows\ERDNT\AutoBackup\10-7-2011\Users\00000001\ntuser.dat
+ 2011-10-31 16:42 . 2011-10-31 16:42	11694080 c:\windows\ERDNT\AutoBackup\10-31-2011\Users\00000001\ntuser.dat
+ 2011-10-29 14:17 . 2011-10-29 14:17	11694080 c:\windows\ERDNT\AutoBackup\10-29-2011\Users\00000001\ntuser.dat
+ 2011-10-27 10:24 . 2011-10-27 10:24	11694080 c:\windows\ERDNT\AutoBackup\10-27-2011\Users\00000001\ntuser.dat
+ 2011-10-19 20:09 . 2011-10-19 20:09	11694080 c:\windows\ERDNT\AutoBackup\10-19-2011\Users\00000001\ntuser.dat
+ 2011-10-16 18:16 . 2011-10-16 18:16	11677696 c:\windows\ERDNT\AutoBackup\10-16-2011\Users\00000001\ntuser.dat
+ 2012-01-02 05:14 . 2012-01-02 05:14	11792384 c:\windows\ERDNT\AutoBackup\1-1-2012\Users\00000001\ntuser.dat
+ 2011-04-03 07:47 . 2011-04-03 07:47	11128832 c:\windows\ERDNT\4-3-2011\Users\00000001\ntuser.dat
+ 2011-03-30 04:57 . 2011-03-30 04:57	11128832 c:\windows\ERDNT\3-30-2011\Users\00000001\ntuser.dat
+ 2011-03-27 16:58 . 2011-03-27 16:58	11128832 c:\windows\ERDNT\3-27-2011\Users\00000001\ntuser.dat
+ 2011-08-28 00:18 . 2011-08-28 00:18	12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-10-15 21:26 . 2011-10-15 21:26	12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
+ 2011-10-15 22:09 . 2011-10-15 22:09	11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
+ 2011-08-28 00:22 . 2011-08-28 00:22	11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-08-28 00:20 . 2011-08-28 00:20	17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-10-15 22:08 . 2011-10-15 22:08	17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
+ 2011-10-15 21:26 . 2011-10-15 21:26	10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll
+ 2011-08-28 00:18 . 2011-08-28 00:18	10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-28 00:17 . 2011-08-28 00:17	14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-10-15 21:25 . 2011-10-15 21:25	14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
+ 2011-10-15 21:24 . 2011-10-15 21:24	12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
+ 2011-08-28 00:17 . 2011-08-28 00:17	12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
+ 2011-10-15 21:23 . 2011-10-15 21:23	11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
+ 2011-07-07 04:33 . 2011-07-07 04:33	11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
+ 2011-10-13 16:11 . 2011-08-22 23:47	11084288 c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\ieframe.dll
+ 2011-06-25 06:03 . 2011-06-25 06:03	11083776 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieframe.dll
+ 2011-06-16 09:59 . 2011-04-25 16:09	11083776 c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\ieframe.dll
+ 2011-02-23 08:57 . 2011-02-23 08:57	11082752 c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\ieframe.dll
+ 2011-02-09 01:57 . 2010-12-20 23:58	11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
+ 2010-11-06 10:57 . 2010-11-06 10:57	11082752 c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Personal Assistant"="c:\program files\Shelltoys\Personal Assistant\assistant.exe" [2003-03-05 456704]
"RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2011-02-02 500992]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2011-02-02 38144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"Chit Chat for Facebook"="c:\program files\Chit Chat For Facebook\CCFFacebook.exe" [2011-11-22 3788288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rmtemp"="c:\dostools\rmtemp.bat" [2010-03-08 860]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"LogMeIn GUI"="d:\notes\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\documents and settings\Michelle\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-6-29 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-26 18:40	16680	------w-	c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-15 19:24	87424	-c--a-w-	c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	-c--a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	-c--a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-11-02 23:09	1862456	-c--a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	------w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2008-07-31 23:40	95744	----a-w-	c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-30 08:07	133104	-c--atw-	c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	-c--a-w-	c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39	1289000	----a-w-	c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2008-09-01 15:08	173304	-c--a-w-	c:\program files\ICQ6\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-12-24 23:50	981680	-c--a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
2008-04-18 16:24	520192	-c--a-w-	c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Personal Assistant]
2003-03-05 18:02	456704	----a-w-	c:\program files\Shelltoys\Personal Assistant\assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-11-15 07:21	16270848	-c--a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-04 04:18	61440	-c--a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Michelle\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\CrashPlan\\CrashPlanService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/29/2011 9:05 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/29/2011 9:05 AM 86224]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [6/29/2011 3:22 AM 152576]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\notes\LogMeIn\x86\LMIGuardianSvc.exe [9/16/2010 4:49 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\notes\LogMeIn\x86\rainfo.sys [5/31/2010 9:31 AM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/1/2012 11:25 PM 652872]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [3/21/2011 10:17 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 10:17 AM 68928]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/22/2011 6:17 PM 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/1/2012 11:25 PM 20464]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [7/25/2010 2:56 AM 49208]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4eac0d84\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4eac0d84\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4eac0d84\avupgsvc.exe [?]
S2 bomgar-scc-1291058205;Bomgar Support Customer Client [1291058205];"c:\documents and settings\All Users\Application Data\Bomgar-SCC-4CF3FC1D\bomgar-scc.exe" -service:run --> c:\documents and settings\All Users\Application Data\Bomgar-SCC-4CF3FC1D\bomgar-scc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/15/2011 5:46 PM 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2/22/2011 6:17 PM 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2/22/2011 6:17 PM 11520]
S3 cpuz129;cpuz129;\??\c:\docume~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 cpuz135;cpuz135;\??\c:\docume~1\Michelle\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\Michelle\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/15/2011 5:46 PM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/10/2010 5:17 PM 27064]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-04 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-07-25 08:57]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-15 23:45]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-15 23:45]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
- c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 08:07]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
- c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 08:07]
.
2012-01-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-04-21 16:21]
.
2010-08-04 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2010-07-25 08:56]
.
2010-08-01 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-07-25 08:55]
.
2012-01-02 c:\windows\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2010-08-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-07-25 08:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
Trusted Zone: exoticpublishing.com
TCP: DhcpNameServer = 8.15.12.5 8.5.244.6
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxp://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
FF - ProfilePath - c:\documents and settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice...p://www.odesk.com|http://66.7.214.224/cpanel/
FF - prefs.js: network.proxy.http - http://proxy.uconn.edu:3000/proxy.pac
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Carbonite Backup - c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe
MSConfigStartUp-nTrayFw - c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bomgar-scc-1291058205]
"ImagePath"="\"c:\documents and settings\All Users\Application Data\Bomgar-SCC-4CF3FC1D\bomgar-scc.exe\" -service:run"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2012-01-02 14:37:28
ComboFix-quarantined-files.txt 2012-01-02 20:37
ComboFix2.txt 2010-11-19 06:51
ComboFix3.txt 2009-11-20 07:20
.
Pre-Run: 122,941,370,368 bytes free
Post-Run: 123,001,331,712 bytes free
.
- - End Of File - - 393E849891D23EBA1E5E7823185526B1


----------



## eddie5659 (Mar 19, 2001)

Just looked at the log, and its on its 3rd run, so no log will be produced:

*OTL logfile created on: 1/1/2012 7:10:40 PM - Run 3*

No worries 



> No clue what these are??? Are they on my computer?
> 
> C:\WINDOWS\Tasks\expressripShakeIcon.job
> C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
> ...


Yep, they are. It looks like they may be from an Audio software program. Upon further looking, it appears to come from this:

c:\program files\NCH Swift Sound

---

With regards to ComboFix, the reason we rename it, is that some infections out there block certain tools, especially ComboFix, as its a favoured program amongst the removal experts, so they don't want the tool running 



> Ok, CF did stuff to the computer while I stepped away. It shut down Fx & I lost Yahoo & my ring central, thank gawd everything came back online when I clicked on it. I thought I lost my Internet & everything I had written in this post up until now.


Were you actually browing whilst it was running, as it will always close certain processes, so as not to conflict.

Its always best to run any tools, even antivirus scans, with all programs shut, like internet, media player etc 

--

Do you know what this is:

*c:\dostools\rmtemp.bat*

If not, don't open it. Could it be for the website?

----

Can you do the following fix using OTL:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
MOD - [2010/02/16 12:57:38 | 000,301,568 | ---- | M] () -- C:\Program Files\ChitChat Toolbar\tbhelper.dll
SRV - File not found [1291058205] [Auto | Stopped] -- -- (bomgar-scc-1291058205)
SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\ChitChat Toolbar\tbhelper.dll ()
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

=============

Then, can you run this with SystemLook again, just to see the locations of the following files:


```
:filefind
*svchost.exe
:reg
HKEY_CLASSES_ROOT\CLSID\{BD942DA7-96C8-4342-84C6-E2BCFE69FE11}\InprocServer32 /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD942DA7-96C8-4342-84C6-E2BCFE69FE11} /sub
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /sub
HKEY_LOCAL_MACHINE\Software\Acrobat\ /sub
```
And post the log

eddie


----------



## ep2002 (Oct 31, 2006)

Sorry for the delay.

I have no idea what sound thingy that is. I'm not a sound expert, so I don't know.

Remember I had problems with the speakers? Do you think that's what was stopping them from working?

I want to send this now b/c I have to run out again & I don't want to lose this since the electricity keeps going off here & I lose everything that is open. I lost 2 UPSs, I hope I have the money to replace one some time later this month.

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

"Were you actually browing whilst it was running, as it will always close certain processes, so as not to conflict.

Its always best to run any tools, even antivirus scans, with all programs shut, like internet, media player etc"


No, while I didn't shut down the router, Yahoo, MBAM, Anti vir, & Ring Centeral, every other window was shut down. I walked away from the computer.

"c:\dostools\rmtemp.bat"

No clue what that is, I should know what's for my sites. That doesn't ring a bell at all.

Remember there's many of those greyed out things that I can't delete, like in my "music" folder.

Be back


Michelle


----------



## ep2002 (Oct 31, 2006)

Scary 

I lost the computer again. <sigh> I know it has to be the video card.

Here was the error.

I'll try to run the OTL now.

Michelle


----------



## ep2002 (Oct 31, 2006)

Ok, not so great news...

The OTL won't run.

The first time I ran it, it crashed or turned off MBAM.

I had to a cold reboot.

2nd time it made the desktop disappear & just hung. I had disabled MBAM prior to running it.

I don't know how long it's supposed to take to work, but after 20-30 minutes of being away from the computer, it was still hung. I had to once again do a cold reboot.

Here is the system thingy...

SystemLook 30.07.11 by jpshortstuff
Log created at 04:36 on 06/01/2012 by Michelle
Administrator - Elevation successful

========== filefind ==========

Searching for "*svchost.exe"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe	--a--c- 182856 bytes	[05:25 02/01/2012]	[23:50 24/12/2011] B382935AB01B27D0E14F267DBF288896
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe	-----c- 14336 bytes	[08:25 24/07/2008]	[12:00 28/02/2006] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ERDNT\cache\svchost.exe	--a--c- 14336 bytes	[07:19 20/11/2009]	[00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe	--a--c- 132096 bytes	[00:16 30/07/2008]	[00:16 30/07/2008] D34612C5D02D026535B3095D620626AE
C:\WINDOWS\ServicePackFiles\i386\svchost.exe	-----c- 14336 bytes	[08:22 24/07/2008]	[00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe	------- 14336 bytes	[12:00 28/02/2006]	[00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\dllcache\svchost.exe	--a--c- 14336 bytes	[12:00 28/02/2006]	[00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

========== reg ==========

[HKEY_CLASSES_ROOT\CLSID\{BD942DA7-96C8-4342-84C6-E2BCFE69FE11}\InprocServer32]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD942DA7-96C8-4342-84C6-E2BCFE69FE11}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rmtemp"="cmd /c c:\dostools\rmtemp.bat"
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun"
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"
"LogMeIn GUI"=""D:\Notes\LogMeIn\x86\LogMeInSystray.exe""
"Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe""
"Adobe ARM"=""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe""
"BrStsMon00"="C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN"
"KodakShareButtonApp"="C:\Program Files\Kodak\KODAK Share Button App\Listener.exe"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"avgnt"=""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min"
"SunJavaUpdateSched"=""C:\Program Files\Common Files\Java\Java Update\jusched.exe""
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Malwarebytes' Anti-Malware"=""C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\Software\Acrobat\]
(Unable to open key - key not found)

-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Okay, lets go through a few things in order, which will help in the problems 

For the tasks here:

C:\WINDOWS\Tasks\expressripShakeIcon.job
C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
C:\WINDOWS\Tasks\soundtapShakeIcon.job
C:\WINDOWS\Tasks\switchShakeIcon.job
C:\WINDOWS\Tasks\wavepadShakeIcon.job

These look like they are setup to run at certain times, for the following programs, of which you have installed. You can see these via AddRemove Programs in the Control Panel:

*Express Rip*

http://www.nch.com.au/rip/index.html

*SoundTap Streaming Audio Recorder*

http://www.nch.com.au/soundtap/index.html

*Switch Sound File Converte*

http://www.nch.com.au/switch/index.html

*WavePad Sound Editor*

http://www.nch.com.au/wavepad/index.html

Now, its up to you if you want to keep them or not, as they're not malicious. However, we can remove them from being run at for their tasks, which I suspect is just to see for updates, but this can be done manually when you start the programs 

---

Also, whilst I was looking through your installed programs, these were there:

*LogMeIn*

Well known and well used program, but if you didn't know it was there, here it is: https://secure.logmein.com/UK/

*Maestro Connector*

Access, manage, and interact with your entire central music library, whether stored on a Mac, PC, or gaming device, via any connected device on-demand: https://www.maestro.fm/help

---

Now, you did mention that Firefox etc were having problems, so can you do this for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

---



> i) Folders being created (not by me) with a string of numbers/letters.


This was mentioned at the beginning of this thread. Can you give me an example of a folder, and where they're located?



> ii) Can't delete a folder I want to.


This may be a permissions setting. Are you logged in as an Administrator when trying this? Also, are these folders that you've created in the past, or Windows folders, that are not needed?



> v) I keep getting this script error. It's also intermittent


Is this happening whilst you're online in a webpage, or on the computer itself? Can you post the details of what it says.



> 6. Junk files in the The Car folder. Can't delete them, warning says some are part of the system file. AlbumArt_{0A0B70F4-AA3C-48FF-B440-70925C53A4A0}_Large.jpg - this file has music in it. I don't save or keep art.


Where is the "The Car" folder? If you right-click on the folder, select Properties, it should give the location. I can then create a script so that I can see the content inside it.



> 7. On my E drive (used for e-mails & other backup type stuff) this folder is there. I didn't create it. fe19a24640db537895a48aa9e4d1fd
> 8. Same here, not sure what this is  SMRTNTKY


I'll have a look at that soon, but is the E drive a fixed drive, or a Flash drive?



> 10. In my router had 2 ports opened called RC1 & RC2 ports 5060 to 5090 & 8000 to 8200 (This isnt a problem that needs to be fixed, but its very suspicious, as I have no idea why this was there) I deleted them while on the phone with Linksys.


We'll take a look at them soon, with the next tool.

=========================
=========================

Can you do this for me:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
MOD - [2010/02/16 12:57:38 | 000,301,568 | ---- | M] () -- C:\Program Files\ChitChat Toolbar\tbhelper.dll
SRV - File not found [1291058205] [Auto | Stopped] -- -- (bomgar-scc-1291058205)
SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\ChitChat Toolbar\tbhelper.dll ()
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

=====================

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
When prompted, type 1 and validate 
The RKreport.txt shall be generated next to the executable. 
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Please post the contents of the RKreport.txt in your next Reply.

=======================


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

========================

eddie


----------



## ep2002 (Oct 31, 2006)

Ok, I'm going to do this in pieces.

The NCH isn't needed anymore, so I'm just going to remove them.

Ok, realized they aren't called NCH, so I went thru them all, but this is the only one I couldn't find... C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

Here's the checkup results...

Results of screen317's Security Check version 0.99.30 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Disabled! 
Avira Free Antivirus 
ESET Online Scanner v3 
Antivirus up to date! 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
SpywareBlaster 4.3 
Rootkit Unhooker LE 3.8 SR 2 
HijackThis 2.0.2 
CCleaner 
Java(TM) 6 Update 30 
Adobe Flash Player 11.1.102.55 
Adobe Reader 9 *Adobe Reader out of date!* 
Mozilla Firefox 8.0. *Firefox out of Date!* 
Mozilla Thunderbird (8.0.) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Malwarebytes' Anti-Malware mbamservice.exe 
Malwarebytes' Anti-Malware mbamgui.exe 
Avira Antivir avgnt.exe 
Avira Antivir avguard.exe 
*``````````End of Log````````````*


----------



## ep2002 (Oct 31, 2006)

Yes, I believe I always have admin rights.

Ok, folder answers: (non of these folders I created, although the "banned" folder was created by me & I think TB recreated it several times.)

Can&#8217;t get rid of that folder in TB called Banned. I&#8217;ve deleted it several times & is still there

In the MichellePrefers & [email protected] account it won&#8217;t let me delete e-mails. I constantly have to &#8220;compact&#8221; in order to get it to work.

E drive there&#8217;s this folder with a whole bunch of characters in it&#8230; fe19a24640db537895a48aa9e4d1fd (sorry, just read I gave this to you already, yes, E is fixed, I have my HD partitioned. That's where all the TB e-mails are amongst some pics & things)

Here's the one from the car folder - AlbumArt_{2D0281D0-5B60-4CDB-8305-4E09D85841CD}_Large.jpg

==================================


----------



## ep2002 (Oct 31, 2006)

I believe the script error is tied to TB.

Here's 2 SSs


----------



## ep2002 (Oct 31, 2006)

RK - Oops, didn't read about shutting down all programs. Let me know if you need me to run it again, here's the log...

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Michelle [Admin rights]
Mode: Scan -- Date : 01/08/2012 02:00:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] d8a9a3014abafc9df73c83b6eec6cd0f
[BSP] ab5bc9cc86ad628d07dc29374cc33ba1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 158608 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 309781395 | Size: 341497 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

----------------------------------------
OTL - ok, I can't chance this anymore, not until you figure out why it's crashing the computer.

I forgot that it affects MBAM, so it hung the window telling me MBAM had been shut down.

When I tried to click on the "ok", it had already frozen & the only way to get out of it was to do a cold reboot.

Unfortunately then the computer wouldn't restart & I got the 3 beeps, so I had to shut her down for 2 hours & thank gawd she restarted <sigh>


----------



## ep2002 (Oct 31, 2006)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Michelle at 2012-01-08 02:04:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 117 GB (78%) free of 151 GB
Total RAM: 3582 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:05:10 AM, on 1/8/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
D:\Notes\LogMeIn\x86\RaMaint.exe
D:\Notes\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
D:\Notes\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\windows\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
D:\Downloads\RSIT.exe
D:\Downloads\Michelle.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChitChat Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [rmtemp] cmd /c c:\dostools\rmtemp.bat
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Notes\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Chit Chat for Facebook] C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Avira Upgrade Service (AviraUpgradeService) - Unknown owner - C:\WINDOWS\TEMP\AVSETUP_4eac0d84\avupgsvc.exe (file missing)
O23 - Service: Bomgar Support Customer Client [1291058205] (bomgar-scc-1291058205) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4CF3FC1D\bomgar-scc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files\CrashPlan\CrashPlanService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Notes\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Notes\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13029 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default

prefs.js - "browser.startup.homepage" - "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
prefs.js - "extensions.enabledItems" - "[email protected]:1.0.3, [email protected]:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, [email protected]:1.4.3, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, [email protected]:1.72.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"[email protected]"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{B13721C7-F507-4982-B2E5-502A71474FED}-trash
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
AskSearch.js
binary.manifest
browsercomps.dll
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
ILnsp110.log
NPCltInst11.dll
npdeployJava1.dll
npdnu.dll
npdnu.xpt
npdnupdater2.dll
npdnupdater2.xpt
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
{20a82645-c095-46ed-80e3-08825760534b}
{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
{67119310-420c-11df-9879-0800200c9a66}
{75623d5d-4683-402a-b610-ac4bab767c86}-trash
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
{e3f6c2cc-d8db-498c-af6c-499fb211db97}
{FBF6D7FB-F305-4445-BB3D-FEF66579A033}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\ChitChat Toolbar\tbcore3.dll [2011-06-22 2398720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"rmtemp"=cmd /c c:\dostools\rmtemp.bat []
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2009-02-10 745472]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"LogMeIn GUI"=D:\Notes\LogMeIn\x86\LogMeInSystray.exe [2010-05-31 63048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"BrStsMon00"=C:\Program Files\Browny02\Brother\BrStMonW.exe [2010-02-09 2621440]
"KodakShareButtonApp"=C:\Program Files\Kodak\KODAK Share Button App\Listener.exe [2011-03-07 107008]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-10-19 258512]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-15 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-17 2879488]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-12-24 460872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-08-18 5137648]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Personal Assistant"=C:\Program Files\Shelltoys\Personal Assistant\assistant.exe [2003-03-05 456704]
"RCUI"=C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe [2011-02-02 500992]
"RCHotKey"=C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe [2011-02-02 38144]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 19550344]
"Chit Chat for Facebook"=C:\Program Files\Chit Chat For Facebook\CCFFacebook.exe [2011-11-21 3788288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
C:\Program Files\CCleaner\CCleaner.exe [2010-11-02 1862456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe [2008-07-31 95744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-12-24 981680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2008-04-18 520192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Personal Assistant]
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe [2003-03-05 456704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-11-15 16270848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-03 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2006-05-17 811008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
C:\PROGRA~1\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
CrashPlan Tray.lnk - C:\Program Files\CrashPlan\CrashPlanTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Documents and Settings\Michelle\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-03-03 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [2009-08-26 16680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2011-12-15 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\CrashPlan\CrashPlanService.exe"="C:\Program Files\CrashPlan\CrashPlanService.exe:*:Enabled:CrashPlan"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.asv2"=asusasv2.dll
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-01-08 02:04:51 ----DC---- C:\rsit
2012-01-08 01:59:31 ----AC---- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-01-02 14:49:42 ----DC---- C:\Documents and Settings\Michelle\Application Data\Toolbar4
2012-01-02 14:37:29 ----AC---- C:\ComboFix.txt
2012-01-02 13:46:52 ----AC---- C:\WINDOWS\system32\javaws.exe
2012-01-02 13:46:52 ----AC---- C:\WINDOWS\system32\javaw.exe
2012-01-02 13:46:51 ----AC---- C:\WINDOWS\system32\java.exe
2012-01-01 23:25:41 ----DC---- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
2012-01-01 23:25:27 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-01 23:25:25 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-01 23:25:25 ----AC---- C:\WINDOWS\system32\drivers\mbam.sys
2011-12-31 05:36:01 ----AC---- C:\mbam-error.txt
2011-12-22 15:26:14 ----AC---- C:\WINDOWS\system32\ChCfg.exe
2011-12-22 15:25:51 ----AC---- C:\WINDOWS\SkyTel.exe
2011-12-22 15:25:42 ----DC---- C:\Program Files\Realtek
2011-12-22 15:25:35 ----AC---- C:\WINDOWS\RtlExUpd.dll
2011-12-20 22:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2639417$
2011-12-20 22:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2011-12-20 22:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2011-12-18 21:42:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2011-12-18 21:41:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2011-12-18 21:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2011-12-18 21:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$
2011-12-11 13:39:48 ----DC---- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
2011-12-11 13:39:40 ----DC---- C:\Program Files\Softnik Technologies
2011-12-10 09:38:09 ----D---- C:\found.001

======List of files/folders modified in the last 1 month======

2012-01-08 02:05:06 ----DC---- C:\WINDOWS\TEMP
2012-01-08 02:04:10 ----DC---- C:\WINDOWS\Prefetch
2012-01-08 01:59:31 ----DC---- C:\WINDOWS\system32\drivers
2012-01-08 01:57:45 ----DC---- C:\WINDOWS\system32\NtmsData
2012-01-08 01:56:46 ----SHD---- C:\System Volume Information
2012-01-08 01:50:03 ----DC---- C:\Documents and Settings\Michelle\Application Data\Skype
2012-01-08 01:06:29 ----DC---- C:\WINDOWS\Registration
2012-01-08 00:49:11 ----DC---- C:\WINDOWS\SoftwareDistribution
2012-01-08 00:48:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-08 00:48:37 ----ADC---- C:\WINDOWS
2012-01-08 00:48:01 ----DC---- C:\Documents and Settings\All Users\Application Data\LogMeIn
2012-01-07 14:49:05 ----SDC---- C:\WINDOWS\Tasks
2012-01-07 14:49:05 ----RDC---- C:\Program Files
2012-01-07 14:49:03 ----DC---- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
2012-01-07 14:48:39 ----DC---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2012-01-07 02:37:26 ----DC---- C:\WINDOWS\system32\SoftwareDistribution
2012-01-06 05:13:13 ----DC---- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
2012-01-06 03:20:54 ----DC---- C:\Program Files\Mozilla Firefox
2012-01-05 21:24:55 ----DC---- C:\WINDOWS\system32
2012-01-03 02:52:32 ----DC---- C:\WINDOWS\system32\CatRoot2
2012-01-02 14:37:32 ----ADC---- C:\Qoobox
2012-01-02 14:34:58 ----AC---- C:\WINDOWS\system.ini
2012-01-02 14:34:48 ----DC---- C:\WINDOWS\system32\drivers\etc
2012-01-02 14:34:20 ----DC---- C:\WINDOWS\system32\IME
2012-01-02 14:34:19 ----DC---- C:\Program Files\ChitChat Toolbar
2012-01-02 14:29:56 ----DC---- C:\WINDOWS\AppPatch
2012-01-02 14:29:55 ----DC---- C:\Program Files\Common Files
2012-01-02 14:08:15 ----DC---- C:\ComboFix
2012-01-02 13:47:08 ----SHDC---- C:\WINDOWS\Installer
2012-01-02 13:47:07 ----DC---- C:\Config.Msi
2012-01-02 13:46:19 ----DC---- C:\Program Files\Java
2011-12-22 15:26:14 ----DC---- C:\WINDOWS\system32\RTCOM
2011-12-22 15:26:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-12-22 15:25:57 ----HDC---- C:\WINDOWS\inf
2011-12-22 15:25:56 ----DC---- C:\WINDOWS\system32\ReinstallBackups
2011-12-22 15:24:39 ----DC---- C:\Temp
2011-12-20 22:10:38 ----AC---- C:\WINDOWS\imsins.BAK
2011-12-20 22:10:20 ----DC---- C:\Program Files\Internet Explorer
2011-12-20 22:10:14 ----DC---- C:\WINDOWS\ie8updates
2011-12-20 22:07:59 ----HDC---- C:\WINDOWS\$hf_mig$
2011-12-20 22:05:52 ----AC---- C:\WINDOWS\system32\MRT.exe
2011-12-20 22:05:36 ----AC---- C:\WINDOWS\win.ini
2011-12-15 13:24:26 ----AC---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2011-12-15 13:24:24 ----AC---- C:\WINDOWS\system32\LMIport.dll
2011-12-15 13:24:24 ----AC---- C:\WINDOWS\system32\LMIinit.dll
2011-12-11 00:47:35 ----DC---- C:\Program Files\Mozilla Thunderbird
2011-12-09 22:01:07 ----DC---- C:\EVENTDB
2011-12-09 04:59:04 ----DC---- C:\LOGFILES

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-12-09 134856]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-10-19 74640]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2007-11-09 41984]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Notes\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-04 3565568]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-11-30 43136]
R3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D.sys [2004-07-06 44544]
S2 npkcrypt;npkcrypt; \??\C:\Folder\MapleStory\npkcrypt.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-14 15295]
S3 BrSerIb;Brother Serial Interface Driver(WDM); C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [2009-11-02 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM); C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [2009-11-02 11520]
S3 catchme;catchme; \??\C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys []
S3 cpuz129;cpuz129; \??\C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys []
S3 cpuz135;cpuz135; \??\C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz135\cpuz135_x32.sys []
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys []
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-10-19 110032]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-03-03 602112]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CrashPlanService;CrashPlan Backup Service; C:\Program Files\CrashPlan\CrashPlanService.exe [2011-06-29 152576]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 LMIGuardianSvc;LMIGuardianSvc; D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe [2011-12-15 374152]
R2 LMIMaint;LogMeIn Maintenance Service; D:\Notes\LogMeIn\x86\RaMaint.exe [2011-12-15 136584]
R2 LogMeIn;LogMeIn; D:\Notes\LogMeIn\x86\LogMeIn.exe [2010-11-08 390528]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2011-03-21 196928]
R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2011-03-21 68928]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 BrYNSvc;BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [2010-01-25 245760]
S2 AviraUpgradeService;Avira Upgrade Service; C:\WINDOWS\TEMP\AVSETUP_4eac0d84\avupgsvc.exe /TEMPSTART:C:\WINDOWS\TEMP\AVSETUP_4eac0d84\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE []
S2 bomgar-scc-1291058205;Bomgar Support Customer Client [1291058205]; C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4CF3FC1D\bomgar-scc.exe -service:run []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe [2009-08-26 16680]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


----------



## ep2002 (Oct 31, 2006)

info.txt logfile of random's system information tool 1.09 2012-01-08 02:05:13

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Reader 9.4.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 
ASUS GameFace Live-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D8533B-9EE7-46AB-B8B2-D643F888C5DF} 
ASUS SmartDoctor-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} 
ASUS Utilities-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F4026ECE-9F19-43EC-9FC8-474C2DB7D2BE} /l1033 
ASUS Video Security-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{169E414A-37C7-434E-9021-27A03AE087CD} 
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Aurora Password Manager-->MsiExec.exe /I{3064F202-E671-4231-9CA5-0E38EFF52FEA}
Avira Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite MFC-J615W-->"C:\Program Files\InstallShield Installation Information\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BH9e2_C2 -removeonly
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{093625E3-7B87-49D3-AA53-AD0FCFABAF49} 
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF0DD8B7-471C-463B-A298-6066C2FABAF5} 
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597} 
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0} 
CASH-Abc (1.57) 1.057-->C:\CASH\Uninstall.exe
CASH-Abc Demo Demo (1.053)-->C:\CASH\Uninstall.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{A961C6FD-C583-45F6-A0A4-5E4376C29E41}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Chit Chat For Facebook 1.454-->"C:\Program Files\Chit Chat For Facebook\unins000.exe"
ChitChat Toolbar-->C:\Program Files\ChitChat Toolbar\UninstallToolbar.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco Connect-->"C:\Program Files\Cisco Systems\Cisco Connect\Cisco Connect.exe" -uninstall
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel WordPerfect Suite 8-->C:\Corel\Suite8\AppMan\Setup\REMOVELAUNCHER.EXE
CrashPlan-->MsiExec.exe /X{425C644F-3F69-429B-8B47-A7FD76BE4E21}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Domain Name Analyzer v4.1.022207-->"C:\Program Files\Softnik Technologies\Domain Name Analyzer v4\unins000.exe"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
EULAlyzer v1.2-->"C:\Program Files\EULAlyzer\unins000.exe"
FileChecker v1.7-->"C:\Program Files\FileChecker\unins000.exe"
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Garmin City Navigator North America NT 2011.10 Update-->MsiExec.exe /X{12A3AF78-CBB5-484B-AE87-927C4DE6B9A8}
Garmin Communicator Plugin-->MsiExec.exe /X{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}
Garmin Training Center-->MsiExec.exe /X{53C239F5-7E23-493D-8FB6-F8EEEA5C2154}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\16.0.912.75\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoToAssist Corporate-->C:\Program Files\Citrix\GoToAssist\570\G2AUninstaller.exe /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ID-Blaster Plus v2.0-->"C:\Program Files\ID-Blaster Plus\unins000.exe"
iLinc 11 Client-->C:\PROGRA~1\iLinc\CLIENT~1\UNINST~1.EXE 
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 30-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KODAK Share Button App-->MsiExec.exe /I{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}
Link Partner Analyzer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952AB4DF-7318-4293-8575-D723C35DE117}\setup.exe" -l0x9 
LogMeIn-->MsiExec.exe /I{7962FC39-62AF-4FFC-8F6A-7A01341C9659}
Maestro Connector-->C:\Program Files\Maestro Connector\uninstall.exe
Malwarebytes Anti-Malware version 1.60.0.1800-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{AC388C78-2619-452C-BFBE-FABCC3194387}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Monitor Calibration Wizard 1.0-->"C:\Program Files\Monitor Calibration Wizard\uninstall.exe"
MozBackup 1.5.1-->C:\Program Files\MozBackup\Uninstall.exe
Mozilla Firefox 8.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (8.0)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MS Extra links-->C:\Program Files\MS Extra links\Windows Mobile Device Handbook\Bin\DHUninstall.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Nitro PDF Professional-->MsiExec.exe /X{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
pdfFactory-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst3.exe /uninstall
Personal Assistant-->"C:\Program Files\Shelltoys\Personal Assistant\unins000.exe"
QuickBooks Pro Edition 2007-->C:\Program Files\Installshield Installation Information\{334E2384-DF81-44b6-A2E2-D15B81162929}\QBReplace.exe {334E2384-DF81-44b6-A2E2-D15B81162929}#{71798A51-4265-49F9-B307-3D26E9B24404}
Revo Uninstaller Pro 2.4.3-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
RingCentral Call Controller-->C:\Program Files\RingCentral\RingCentral Call Controller\UNWISE.EXE /U C:\PROGRA~1\RINGCE~1\RINGCE~1\INSTALL.LOG
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
SmartDraw PDF Export (novaPDF 6.4 printer)-->"C:\Program Files\SmartDraw PDF Export\PDFFilter\unins000.exe"
Speccy-->"C:\Program Files\Speccy\uninst.exe"
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
TeamViewer 6-->C:\Program Files\TeamViewer\Version6\uninstall.exe
TweetDeck-->msiexec /qb /x {A7765932-77D6-E0B2-1B27-E2973B5E1BD5}
TweetDeck-->MsiExec.exe /I{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 8.0 ATL (x86) WinSXS MSM-->MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Avira Desktop

======System event log======

Computer Name: EXOTIC-3C629299
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 370961
Source Name: Tcpip
Time Written: 20120105151819.000000-360
Event Type: warning
User:

Computer Name: EXOTIC-3C629299
Event Code: 7000
Message: The SSPORT service failed to start due to the following error: 
The system cannot find the file specified.

Record Number: 370652
Source Name: Service Control Manager
Time Written: 20120105121417.000000-360
Event Type: error
User:

Computer Name: EXOTIC-3C629299
Event Code: 7000
Message: The npkcrypt service failed to start due to the following error: 
The system cannot find the path specified.

Record Number: 370651
Source Name: Service Control Manager
Time Written: 20120105121417.000000-360
Event Type: error
User:

Computer Name: EXOTIC-3C629299
Event Code: 7000
Message: The Bomgar Support Customer Client [1291058205] service failed to start due to the following error: 
The system cannot find the path specified.

Record Number: 370650
Source Name: Service Control Manager
Time Written: 20120105121417.000000-360
Event Type: error
User:

Computer Name: EXOTIC-3C629299
Event Code: 7000
Message: The Avira Upgrade Service service failed to start due to the following error: 
The system cannot find the path specified.

Record Number: 370649
Source Name: Service Control Manager
Time Written: 20120105121417.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: EXOTIC-3C629299
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x0001500a.

Record Number: 9326
Source Name: Application Error
Time Written: 20111021113324.000000-360
Event Type: error
User:

Computer Name: EXOTIC-3C629299
Event Code: 1001
Message: TWN BrtTWN: [2011/10/21 12:31:08.578]: [00004020]: Initialize TwdsMain Class failed!

Record Number: 9325
Source Name: Brother BrLog
Time Written: 20111021113108.000000-360
Event Type: error
User:

Computer Name: EXOTIC-3C629299
Event Code: 1001
Message: TWN BrtTWN: [2011/10/21 12:31:08.578]: [00004020]: ##### Fatal ERROR!! Create STI-device failed! #####

Record Number: 9324
Source Name: Brother BrLog
Time Written: 20111021113108.000000-360
Event Type: error
User:

Computer Name: EXOTIC-3C629299
Event Code: 1002
Message: TWN BrtTWN: [2011/10/21 12:31:08.562]: [00004020]: Device not found. Brother MFC-J615W.

Record Number: 9323
Source Name: Brother BrLog
Time Written: 20111021113108.000000-360
Event Type: warning
User:

Computer Name: EXOTIC-3C629299
Event Code: 1002
Message: CTLCN BrtCTLCN: [2011/10/21 12:31:05.984]: [00006804]: brccMCtl.exe: MutexCtrl.cpp (0299) : -------- Status[WAIT_TIMEOUT] CC Already Run.

Record Number: 9322
Source Name: Brother BrLog
Time Written: 20111021113105.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"devmgr_show_nonpresent_devices"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


----------



## eddie5659 (Mar 19, 2001)

> Ok, realized they aren't called NCH, so I went thru them all, but this is the only one I couldn't find... C:\WINDOWS\Tasks\SDMsgUpdate (TE).job


We'll remove that one in the fix that will follow at the end 



> Cant get rid of that folder in TB called Banned. Ive deleted it several times & is still there


Lets see if I can get the full location of it, so I can create a fix. If still no joy, we'll try something stronger  Again, as there may be other things I want to look at, we'll do it all at the end 



> In the MichellePrefers & [email protected] account it wont let me delete e-mails. I constantly have to compact in order to get it to work.


I know it sounds easy, but have you cleaned out the Bin, spam and also sent emails, as these can fill up? Also, at the bottom of Gmail it should say how much space you have used.



> E drive theres this folder with a whole bunch of characters in it fe19a24640db537895a48aa9e4d1fd (sorry, just read I gave this to you already, yes, E is fixed, I have my HD partitioned. That's where all the TB e-mails are amongst some pics & things


Again, I'll get the full details on that below 



> Here's the one from the car folder - AlbumArt_{2D0281D0-5B60-4CDB-8305-4E09D85841CD}_Large.jpg


I take it you don't want the contents of the folder, or the folder itself? If you do, lets take a look inside it, to create the fix to remove just the AlbumArt 



> Script error is tied to TB


This is about the error that you're seeing:

http://kb.mozillazine.org/Script_busy_or_stopped_responding

It could be scripts tied to your website. When I've cleaned up the malware, I know that others may be able to help on this issue. Only malware removal people can reply in this forum, but in the other forums, anyone can reply 

---

Don't worry about shutting down all the programs before running roguekiller, but its best to close all windows before running a fix. So, in the screenshot of the script, you have plenty of windows of programs open on the taskbar: Notepad, 28 Firefoxes, 5 Word etc.

====================================

Quit all running programs and run RogueKiller once again.


For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
When prompted, type [2] and validate 
The RKreport.txt shall be generated next to the executable. 
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 

Then do the following:

-------------------

Can you uninstall *ChitChat Toolbar* via AddRemove Programs, if there.

Then, run the following fix, rembering to close all windows 

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
MOD - [2010/02/16 12:57:38 | 000,301,568 | ---- | M] () -- C:\Program Files\ChitChat Toolbar\tbhelper.dll
SRV - File not found [1291058205] [Auto | Stopped] -- -- (bomgar-scc-1291058205)
SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\ChitChat Toolbar\tbhelper.dll ()
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ChitChat Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\ChitChat Toolbar\tbcore3.dll ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
/md5start
cmd.exe
/md5stop
:Files
C:\WINDOWS\tasks\SDMsgUpdate (TE).job
C:\Documents and Settings\Michelle\Application Data\Toolbar4
C:\Program Files\ChitChat Toolbar
ipconfig /flushdns /c
:Commands
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

----

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:folderfind
*Banned*
*fe19a24640db537895a48aa9e4d1fd*
:dir
D:\Music\The Car /sub
:file
C:\WINDOWS\system32\drivers\TrueSight.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

---

And then can you do this:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file



> *c:\dostools\rmtemp.bat*


Let me know when they're uploaded


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> I know it sounds easy, but have you cleaned out the Bin, spam and also
> 
> sent emails, as these can fill up? Also, at the bottom of Gmail it should
> 
> say how much space you have used.


Ok, I use TB, I don't use webmail unless I'm out on the road & it would

only be webmail for my biz addys, not gmail. So does that still matter?

Anyway I checked online & it's only 5% full. I deleted a few e-mails, but

it's still over 6,000, but only that 5%. I check the spam folder in gmail

every so often & clean it out of course. My sent folders in TB are always

huge. I had to start moving them to a sent folder for the year as I was

having problems with TB so much. Normally I don't do it right away when

the year is over, as I'm always using search functions & I don't want to

miss out on something just b/c the e-mails aren't in the regular "sent"

folder.

I have it compacting on a regular basis, sometimes it compacts too

much.



eddie5659 said:


> I take it you don't want the contents of the
> 
> folder, or the folder itself? If you do, lets take a look inside it, to create the
> 
> fix to remove just the AlbumArt


Oh no, that's my music folder which I keep adding to. UPS lost 4 DVDs of

music someone burned for me from over 200+ CDs. I lost it all. This is

the only music I have 



eddie5659 said:


> This is about the error that you're seeing:
> 
> http://kb.mozillazine.org/Script_busy_or_stopped_responding
> 
> ...


I don't know how it could be tied to my sites. They are on the hosting

company's server. What does that have to do with my computer? I didn't

really understand all that I skimmed on that page.

---


eddie5659 said:


> Don't worry about shutting down all the programs before running
> 
> roguekiller, but its best to close all windows before running a fix. So, in
> 
> ...


Right, but I'm pretty sure during that run I did have all the windows closed.

Can't remember now.

Now onto the work 

Control Panel is hung. I deleted the chit chat toolbar & that's when it

happened. Wasn't able to remove the main piece of the software & even

when I tried to end the task it just wouldn't X out.

Thanks

Michelle


----------



## eddie5659 (Mar 19, 2001)

Strange about the Control panel, it may have been because it was still running in the background, the toolbar that is, without you knowing.

If you reboot, and try the rest of the fixes above, we'll go from there


----------



## ep2002 (Oct 31, 2006)

I didn't reboot yet. I guess I have to in order to uninstall that one piece of software.

Rogue Kill was outdated, so I had to re-DL.

Here's the details....

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Michelle [Admin rights]
Mode: Scan -- Date : 01/14/2012 15:02:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] d8a9a3014abafc9df73c83b6eec6cd0f
[BSP] ab5bc9cc86ad628d07dc29374cc33ba1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 158608 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 309781395 | Size: 341497 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Also, when I uninstalled that chit chat thingy, the control panel wouldn't X out again. I noticed that when I closed down Fx & another notepad FINALLY I was able to X out of it. Same with the other one, I didn't have to reboot. That's scary.


----------



## ep2002 (Oct 31, 2006)

Ok, once again (this is 3-4 times now I believe) OTL crashed & while I could move my mouse, I couldn't click on anything & I had to do a cold reboot.

Here's the log file for the other one...

SystemLook 30.07.11 by jpshortstuff
Log created at 15:46 on 14/01/2012 by Michelle
Administrator - Elevation successful

========== folderfind ==========

Searching for "*Banned*"
No folders found.

Searching for "*fe19a24640db537895a48aa9e4d1fd*"
No folders found.

========== dir ==========

D:\Music\The Car - Parameters: "/sub"

---Files---
30 Seconds to Mars - Close To The Edge.mp3	--a---- 8218961 bytes	[04:14 29/09/2011]	[04:16 29/09/2011]
80's-Dead or Alive - You Spin Me Right Round.mp3	--a---- 4289411 bytes	[09:06 22/03/2009]	[18:32 13/04/2009]
98 degree - because of you.mp3	--a---- 4702876 bytes	[07:30 07/01/2012]	[07:31 07/01/2012]
98 Degrees - Invisible Man.mp3	--a---- 4543234 bytes	[07:54 07/01/2012]	[07:55 07/01/2012]
98 Degrees - The Hardest Thing.mp3	--a---- 4394550 bytes	[07:49 07/01/2012]	[07:49 07/01/2012]
98 degrees-Give me just one night(Una Noche).mp3	--a---- 3426816 bytes	[09:55 07/01/2012]	[09:55 07/01/2012]
Abba - Chiquitita.mp3	--a---- 13058092 bytes	[08:26 18/09/2011]	[08:27 18/09/2011]
Abba - Fernando.mp3	--a---- 4096043 bytes	[18:21 21/09/2011]	[18:22 21/09/2011]
Abba - I have a Dream.mp3	--a---- 2278119 bytes	[23:41 18/09/2011]	[23:42 18/09/2011]
Abba - Mama Mia.mp3	--a---- 3417457 bytes	[07:16 17/09/2011]	[07:16 17/09/2011]
Abba - One of us.mp3	--a---- 3811662 bytes	[07:31 17/09/2011]	[04:39 26/12/2011]
Abba - SOS.mp3	--a---- 4029406 bytes	[22:24 18/09/2011]	[22:25 18/09/2011]
Abba - Super Trooper.mp3	--a---- 4071214 bytes	[05:38 17/09/2011]	[05:39 17/09/2011]
Abba - Thank you for the Music.mp3	--a---- 3725314 bytes	[05:33 17/09/2011]	[21:19 07/01/2012]
Abba - The winner takes it all.mp3	--a---- 4669315 bytes	[06:00 17/09/2011]	[01:28 08/10/2011]
Abba - Waterloo.mp3	--a---- 6526435 bytes	[00:58 19/09/2011]	[01:00 19/09/2011]
Adele - Make you feel my love.mp3	--a---- 3944357 bytes	[05:15 22/09/2011]	[04:00 27/12/2011]
Adele - Right As Rain.mp3	--a---- 4742626 bytes	[05:14 27/12/2011]	[08:08 14/01/2012]
Adele - Rolling in the Deep.mp3	--a---- 5606736 bytes	[09:51 01/10/2011]	[09:52 01/10/2011]
Adele - Someone Like You.mp3	--a---- 6180530 bytes	[05:53 22/09/2011]	[06:39 25/12/2011]
Akon - Beautiful.mp3	--a---- 10068517 bytes	[07:31 02/10/2011]	[01:20 08/10/2011]
Akon - Right Now Na Na Na.mp3	--a---- 5916189 bytes	[07:22 22/03/2009]	[18:32 13/04/2009]
Akon ft. Kardinal Offishall - Dangerous (2008).mp3	--a---- 6094976 bytes	[07:23 22/03/2009]	[18:42 13/04/2009]
AlbumArtSmall.jpg	---hs-- 2535 bytes	[05:28 25/12/2008]	[04:36 26/05/2009]
AlbumArt_{039FDA74-793F-434C-98BB-302EFCCB6BB5}_Large.jpg	---hs-- 7938 bytes	[08:31 27/03/2009]	[18:46 13/04/2009]
AlbumArt_{039FDA74-793F-434C-98BB-302EFCCB6BB5}_Small.jpg	---hs-- 2351 bytes	[08:31 27/03/2009]	[18:46 13/04/2009]
AlbumArt_{04758E2C-04DE-41E6-B945-26E4CDD3A1CB}_Large.jpg	---hs-- 14460 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{04758E2C-04DE-41E6-B945-26E4CDD3A1CB}_Small.jpg	---hs-- 3036 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{09D2AB11-CC56-4394-B150-17113434708A}_Large.jpg	---hs-- 9911 bytes	[22:30 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{09D2AB11-CC56-4394-B150-17113434708A}_Small.jpg	---hs-- 2674 bytes	[22:30 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{0A0B70F4-AA3C-48FF-B440-70925C53A4A0}_Small.jpg	---hs-- 1329 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Large.jpg	---hs-- 14950 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Small.jpg	---hs-- 3404 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{1777A97A-C389-41C9-B311-CD5978BC9A1D}_Large.jpg	---hs-- 10444 bytes	[22:41 23/03/2009]	[04:36 26/05/2009]
AlbumArt_{1777A97A-C389-41C9-B311-CD5978BC9A1D}_Small.jpg	---hs-- 2535 bytes	[22:41 23/03/2009]	[04:36 26/05/2009]
AlbumArt_{2210B659-8CAF-433D-A7CD-1EAC6F695A4E}_Large.jpg	---hs-- 10064 bytes	[22:31 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{2210B659-8CAF-433D-A7CD-1EAC6F695A4E}_Small.jpg	---hs-- 2480 bytes	[22:31 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{29F64F20-1446-479A-A70C-137C155A43FD}_Large.jpg	---hs-- 10028 bytes	[22:35 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{29F64F20-1446-479A-A70C-137C155A43FD}_Small.jpg	---hs-- 2555 bytes	[22:35 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{2D0281D0-5B60-4CDB-8305-4E09D85841CD}_Large.jpg	---hs-- 14775 bytes	[22:33 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{2D0281D0-5B60-4CDB-8305-4E09D85841CD}_Small.jpg	---hs-- 3386 bytes	[22:33 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{318448BE-9D03-4EB2-A01C-B4FB7C1916C3}_Large.jpg	---hs-- 8426 bytes	[09:10 27/03/2009]	[07:44 27/03/2009]
AlbumArt_{318448BE-9D03-4EB2-A01C-B4FB7C1916C3}_Small.jpg	---hs-- 2470 bytes	[09:10 27/03/2009]	[07:44 27/03/2009]
AlbumArt_{34FD2354-88E9-4860-AF22-7025000E0FBF}_Large.jpg	---hs-- 9359 bytes	[22:41 23/03/2009]	[22:41 23/03/2009]
AlbumArt_{34FD2354-88E9-4860-AF22-7025000E0FBF}_Small.jpg	---hs-- 2613 bytes	[22:41 23/03/2009]	[22:41 23/03/2009]
AlbumArt_{363416FA-845A-4CCF-997C-593D9A26F004}_Large.jpg	---hs-- 5885 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{363416FA-845A-4CCF-997C-593D9A26F004}_Small.jpg	---hs-- 1634 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{3AC5F9E4-658A-4141-89AF-8C20DCCC53A0}_Large.jpg	---hs-- 10890 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{3AC5F9E4-658A-4141-89AF-8C20DCCC53A0}_Small.jpg	---hs-- 2872 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{3B1B1322-1D67-49F8-B99D-9CF177C17E25}_Large.jpg	---hs-- 9383 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{3B1B1322-1D67-49F8-B99D-9CF177C17E25}_Small.jpg	---hs-- 2269 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{44A48110-BCCC-4869-B62E-072CC2B8CB4C}_Large.jpg	---hs-- 7455 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{44A48110-BCCC-4869-B62E-072CC2B8CB4C}_Small.jpg	---hs-- 2104 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{4A088018-3D89-4483-B635-67B2AB50E945}_Large.jpg	---hs-- 10140 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{4A088018-3D89-4483-B635-67B2AB50E945}_Small.jpg	---hs-- 2561 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Large.jpg	---hs-- 8989 bytes	[05:28 25/12/2008]	[18:32 13/04/2009]
AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Small.jpg	---hs-- 1972 bytes	[05:28 25/12/2008]	[18:32 13/04/2009]
AlbumArt_{53108605-9E3F-4BF0-BC52-3EEBBED12D98}_Large.jpg	---hs-- 9553 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{53108605-9E3F-4BF0-BC52-3EEBBED12D98}_Small.jpg	---hs-- 1882 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{55694816-A02E-43E4-BF85-C05DE514824C}_Large.jpg	---hs-- 11804 bytes	[18:32 13/04/2009]	[18:32 13/04/2009]
AlbumArt_{55694816-A02E-43E4-BF85-C05DE514824C}_Small.jpg	---hs-- 2815 bytes	[18:32 13/04/2009]	[18:32 13/04/2009]
AlbumArt_{57F3A7F1-00BB-4F90-B59C-C12C1771FEDC}_Large.jpg	---hs-- 11636 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{57F3A7F1-00BB-4F90-B59C-C12C1771FEDC}_Small.jpg	---hs-- 2891 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{60806CBD-1AC1-4DA7-95D7-6BC2648B7019}_Large.jpg	---hs-- 8596 bytes	[22:30 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{60806CBD-1AC1-4DA7-95D7-6BC2648B7019}_Small.jpg	---hs-- 2294 bytes	[22:30 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{67AC618B-4202-44CE-B8C8-4CB93293B745}_Large.jpg	---hs-- 12331 bytes	[06:09 22/03/2009]	[06:09 22/03/2009]
AlbumArt_{67AC618B-4202-44CE-B8C8-4CB93293B745}_Small.jpg	---hs-- 2676 bytes	[06:09 22/03/2009]	[06:09 22/03/2009]
AlbumArt_{69D5840C-6CBE-4580-AA4C-B0064DC83AE8}_Large.jpg	---hs-- 9804 bytes	[18:32 13/04/2009]	[18:32 13/04/2009]
AlbumArt_{69D5840C-6CBE-4580-AA4C-B0064DC83AE8}_Small.jpg	---hs-- 2695 bytes	[18:32 13/04/2009]	[18:32 13/04/2009]
AlbumArt_{7C966C21-3F9B-4F62-89F0-5001F6874C08}_Large.jpg	---hs-- 9442 bytes	[22:37 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{7C966C21-3F9B-4F62-89F0-5001F6874C08}_Small.jpg	---hs-- 2374 bytes	[22:37 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{7DB5EBCC-60C1-4F74-8E8F-736292FB0223}_Large.jpg	---hs-- 5104 bytes	[10:16 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{7DB5EBCC-60C1-4F74-8E8F-736292FB0223}_Small.jpg	---hs-- 1607 bytes	[10:16 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{7F5135FA-BD2F-413F-AA32-E45786933541}_Large.jpg	---hs-- 8342 bytes	[22:38 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{7F5135FA-BD2F-413F-AA32-E45786933541}_Small.jpg	---hs-- 2332 bytes	[22:38 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{8159C3AF-1120-4B4A-BA7E-FA1BA11F774C}_Large.jpg	---hs-- 11917 bytes	[18:40 13/04/2009]	[18:40 13/04/2009]
AlbumArt_{8159C3AF-1120-4B4A-BA7E-FA1BA11F774C}_Small.jpg	---hs-- 2982 bytes	[18:40 13/04/2009]	[18:40 13/04/2009]
AlbumArt_{866F7EC7-163A-4791-BB41-8081A3C9DF2B}_Large.jpg	---hs-- 6921 bytes	[22:21 23/03/2009]	[19:39 23/03/2009]
AlbumArt_{866F7EC7-163A-4791-BB41-8081A3C9DF2B}_Small.jpg	---hs-- 2045 bytes	[22:21 23/03/2009]	[19:39 23/03/2009]
AlbumArt_{9805E048-C781-4D3B-806A-B6FEB1983DFB}_Large.jpg	---hs-- 9795 bytes	[22:40 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{9805E048-C781-4D3B-806A-B6FEB1983DFB}_Small.jpg	---hs-- 2579 bytes	[22:40 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Large.jpg	---hs-- 7783 bytes	[22:36 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Small.jpg	---hs-- 2219 bytes	[22:36 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{AD428ED1-51B7-486B-8A57-5BD6F80F3395}_Large.jpg	---hs-- 13867 bytes	[22:32 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{AD428ED1-51B7-486B-8A57-5BD6F80F3395}_Small.jpg	---hs-- 3267 bytes	[22:32 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{B1D58CCC-6613-473D-86DE-ECCD4B9C6A3B}_Large.jpg	---hs-- 14099 bytes	[22:40 23/03/2009]	[22:39 23/03/2009]
AlbumArt_{B1D58CCC-6613-473D-86DE-ECCD4B9C6A3B}_Small.jpg	---hs-- 3336 bytes	[22:40 23/03/2009]	[22:39 23/03/2009]
AlbumArt_{B6607DA7-4518-4D5F-B602-AA1368780B95}_Large.jpg	---hs-- 15918 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{B6607DA7-4518-4D5F-B602-AA1368780B95}_Small.jpg	---hs-- 3723 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{C4A2B350-58D1-47F5-B124-246730B0E76E}_Large.jpg	---hs-- 8271 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{C4A2B350-58D1-47F5-B124-246730B0E76E}_Small.jpg	---hs-- 2281 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{D1006935-0869-4E78-9904-29B295BFD87F}_Large.jpg	---hs-- 14156 bytes	[22:30 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{D1006935-0869-4E78-9904-29B295BFD87F}_Small.jpg	---hs-- 3342 bytes	[22:30 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{D6773DA1-D4E7-41C7-9326-EA40D32A8398}_Large.jpg	---hs-- 9211 bytes	[18:32 13/04/2009]	[18:32 13/04/2009]
AlbumArt_{D6773DA1-D4E7-41C7-9326-EA40D32A8398}_Small.jpg	---hs-- 2396 bytes	[18:32 13/04/2009]	[18:32 13/04/2009]
AlbumArt_{DAAA0DAC-9BD9-4313-9A37-89C0FCF5BA56}_Large.jpg	---hs-- 9859 bytes	[18:39 13/04/2009]	[18:39 13/04/2009]
AlbumArt_{DAAA0DAC-9BD9-4313-9A37-89C0FCF5BA56}_Small.jpg	---hs-- 2689 bytes	[18:39 13/04/2009]	[18:38 13/04/2009]
AlbumArt_{DD9CDA92-6EB9-4DDA-B023-9BB913E2C024}_Large.jpg	---hs-- 10777 bytes	[18:40 13/04/2009]	[18:40 13/04/2009]
AlbumArt_{DD9CDA92-6EB9-4DDA-B023-9BB913E2C024}_Small.jpg	---hs-- 2899 bytes	[18:40 13/04/2009]	[18:39 13/04/2009]
AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Large.jpg	---hs-- 6542 bytes	[22:42 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Small.jpg	---hs-- 2037 bytes	[22:42 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{E0B2DCF4-E7F5-4B3A-8F9F-FDBAF801EA70}_Large.jpg	---hs-- 4776 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{E0B2DCF4-E7F5-4B3A-8F9F-FDBAF801EA70}_Small.jpg	---hs-- 1488 bytes	[22:21 23/03/2009]	[18:32 13/04/2009]
AlbumArt_{EBAAD4B3-582A-406D-857F-70E248E67D7A}_Large.jpg	---hs-- 18807 bytes	[22:30 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{EBAAD4B3-582A-406D-857F-70E248E67D7A}_Small.jpg	---hs-- 3600 bytes	[22:30 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{EC5F2BD8-E111-4C24-88F8-16D062F227C0}_Large.jpg	---hs-- 6954 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{EC5F2BD8-E111-4C24-88F8-16D062F227C0}_Small.jpg	---hs-- 2146 bytes	[22:21 23/03/2009]	[22:21 23/03/2009]
AlbumArt_{FA714659-31A1-4F6C-8CF3-C68455F48AFA}_Large.jpg	---hs-- 13932 bytes	[22:33 23/03/2009]	[22:33 23/03/2009]
AlbumArt_{FA714659-31A1-4F6C-8CF3-C68455F48AFA}_Small.jpg	---hs-- 3215 bytes	[22:33 23/03/2009]	[22:33 23/03/2009]
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Large.jpg	---hs-- 10073 bytes	[06:08 22/03/2009]	[04:35 26/05/2009]
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Small.jpg	---hs-- 2618 bytes	[06:08 22/03/2009]	[04:35 26/05/2009]
Anthony - Rain over me.mp3	--a---- 8949586 bytes	[02:23 22/09/2011]	[08:22 07/10/2011]
AreoSmith - Love Hurts.MP3	--a---- 3704925 bytes	[06:29 27/03/2009]	[18:32 13/04/2009]
Avicii Feat. Flo Rida - Levels.mp3	--a---- 7437303 bytes	[09:08 01/10/2011]	[09:09 01/10/2011]
Barbra Streisand - The Way We Were.mp3	--a---- 3332208 bytes	[06:16 22/09/2011]	[06:16 22/09/2011]
Basshunter - All I Ever Wanted.mp3	--a---- 7066689 bytes	[07:23 22/03/2009]	[18:43 13/04/2009]
Bee Gees & Andy Gibb - I Just Want To Be Your Everything.mp3	--a---- 5436021 bytes	[06:52 29/09/2011]	[06:52 16/10/2011]
Bee Gees & Samantha Sang - Emotions.mp3	--a---- 3747416 bytes	[08:03 29/09/2011]	[08:04 29/09/2011]
Bee Gees - How Can You Mend a Broken Heart.mp3	--a---- 3787074 bytes	[06:47 29/09/2011]	[07:22 07/10/2011]
Bee Gees - How Deep Is Your Love.mp3	--a---- 3819355 bytes	[07:07 26/09/2011]	[07:07 26/09/2011]
Bee Gees - I've gotta get a message to you.mp3	--a---- 4326396 bytes	[07:57 29/09/2011]	[07:58 29/09/2011]
Bee Gees - Masachusetts.mp3	--a---- 2215902 bytes	[05:56 26/09/2011]	[04:19 07/10/2011]
Bee Gees - Night Fever.mp3	--a---- 3350905 bytes	[04:12 26/09/2011]	[04:14 26/09/2011]
Bee Gees - Stayin Alive.mp3	--a---- 4562707 bytes	[04:04 26/09/2011]	[04:05 26/09/2011]
Bee Gees - To Love Somebody.mp3	--a---- 4339553 bytes	[05:42 26/09/2011]	[05:42 26/09/2011]
Bee Gees - Too Much Heaven.mp3	--a---- 4677508 bytes	[06:19 26/09/2011]	[06:19 26/09/2011]
Bee Gees - You Should Be Dancing.mp3	--a---- 4102230 bytes	[04:00 29/09/2011]	[04:02 29/09/2011]
Bee Gees-Tragedy.mp3	--a---- 4885248 bytes	[08:52 29/09/2011]	[04:41 09/12/2011]
Black Eyed Peas - Boom Boom Pow.mp3	--a---- 5574954 bytes	[04:35 26/05/2009]	[04:44 26/05/2009]
Black Eyed Peas - Gotta Feelling.mp3	--a---- 4628928 bytes	[06:25 03/10/2011]	[06:33 03/10/2011]
Black Eyed Peas - Meet Me Half Way.mp3	--a---- 9986009 bytes	[22:02 02/10/2011]	[22:04 02/10/2011]
Black Eyed Peas - My Humps.mp3	--a---- 3695143 bytes	[21:48 02/10/2011]	[21:49 02/10/2011]
Bob Marley - Buffalo Soldier.mp3	--a---- 2060086 bytes	[08:24 29/12/2011]	[08:24 29/12/2011]
Bob Marley - I Shot The Sheriff.mp3	--a---- 3645857 bytes	[08:28 29/12/2011]	[08:28 29/12/2011]
Bob Marley - Is This Love.mp3	--a---- 3707837 bytes	[22:59 31/12/2011]	[22:59 31/12/2011]
Bob Marley - Redemption Song.mp3	--a---- 3672096 bytes	[22:03 31/12/2011]	[22:03 31/12/2011]
Bob Marley - Stir It Up.mp3	--a---- 5344948 bytes	[22:23 31/12/2011]	[22:23 31/12/2011]
Bob Marley- Jammin'.mp3	--a---- 3475662 bytes	[02:31 01/01/2012]	[02:31 01/01/2012]
Boston - Amanda.mp3	--a---- 4037112 bytes	[06:30 02/10/2011]	[06:31 02/10/2011]
Boston - Carry On My Wayward.mp3	--a---- 5173864 bytes	[06:47 02/10/2011]	[06:47 02/10/2011]
Boston - Dont Look Back.mp3	--a---- 5759230 bytes	[06:55 02/10/2011]	[05:09 26/12/2011]
Boston - More Than A Feeling.mp3	--a---- 4564994 bytes	[06:10 02/10/2011]	[06:10 02/10/2011]
Boys 2Men - Boyz II Men - I Swear.mp3	--a---- 3620992 bytes	[08:28 19/04/2009]	[06:55 12/07/2011]
boyz2men- Boys To Men On Bended Knee 2.mp3	--a---- 4627218 bytes	[08:27 19/04/2009]	[07:00 12/07/2011]
Britney Spears Featuring Nicki Minaj & Kesha - Till The World Ends [The Femme Fatale Remix].mp3	--a---- 11428939 bytes	[05:27 04/12/2011]	[05:27 04/12/2011]
Britney Spears - Circus.mp3	--a---- 3196928 bytes	[09:08 08/01/2012]	[09:08 08/01/2012]
Britney Spears - I Wanna Go.mp3	--a---- 3377604 bytes	[07:41 08/01/2012]	[07:41 08/01/2012]
Britney Spears - I'm a Slave for you.mp3	--a---- 3463168 bytes	[04:48 09/01/2012]	[04:50 09/01/2012]
Britney Spears - Oops!I Did It Again.mp3	--a---- 3431164 bytes	[09:31 08/01/2012]	[09:31 08/01/2012]
Brittany - 1, 2, 3.mp3	--a---- 6556988 bytes	[03:58 31/07/2011]	[08:35 08/10/2011]
Brittany - Piece of Me.mp3	--a---- 5151668 bytes	[03:08 31/07/2011]	[01:35 08/10/2011]
Brittany - Slave for you.mp3	--a---- 3463168 bytes	[03:14 31/07/2011]	[21:51 30/10/2011]
Brittany - Toxic.mp3	--a---- 4918848 bytes	[03:35 31/07/2011]	[03:36 31/07/2011]
Bruno Mars - Travis McCoy - Billionaire.mp3	--a---- 6867454 bytes	[03:41 03/01/2012]	[04:43 09/01/2012]
Carlos santana and michelle branch - The game of love.mp3	--a---- 6141993 bytes	[00:03 03/01/2012]	[00:06 03/01/2012]
Carrie Underwood - Last Name.mp3	--a---- 5313882 bytes	[08:27 22/03/2009]	[09:35 22/03/2009]
Carrie Underwood- Before He Cheats.mp3	--a---- 5622768 bytes	[08:26 22/03/2009]	[18:32 13/04/2009]
Charlie Daniels Band - The Devil Went Down to Georgia.mp3	--a---- 3478452 bytes	[07:18 22/03/2009]	[18:32 13/04/2009]
Chris Botti - The Look Of Love.mp3	--a---- 5071603 bytes	[07:04 27/03/2009]	[07:09 27/03/2009]
Chris Brown - Forever.mp3	--a---- 3348002 bytes	[06:39 22/03/2009]	[18:43 13/04/2009]
Christina Aguilera - Beautiful.mp3	--a---- 3819520 bytes	[07:18 22/03/2009]	[18:32 13/04/2009]
Christina Aguilera - Candy Man.mp3	--a---- 5105314 bytes	[07:18 22/03/2009]	[18:32 13/04/2009]
Christina Aguilera - Genie in a Bottle.mp3	--a---- 5213970 bytes	[07:19 22/03/2009]	[18:32 13/04/2009]
Christina Aguilera - Hurt.mp3	--a---- 5552204 bytes	[07:19 22/03/2009]	[18:32 13/04/2009]
Christina Aguilera - Keeps Getting Better.mp3	--a---- 4411807 bytes	[06:43 22/03/2009]	[18:43 13/04/2009]
Christina Aguilera - Lady Marmalade.mp3	--a---- 6375674 bytes	[07:19 22/03/2009]	[18:32 13/04/2009]
Christina Aguilera- Walk Away.mp3	--a---- 8343021 bytes	[01:18 25/12/2008]	[18:32 13/04/2009]
Cold Play - Clocks.mp3	--a---- 7362560 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Cold Play - Fix You.mp3	--a---- 5507168 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Cold play - green eyes.mp3	--a---- 3574107 bytes	[08:31 22/03/2009]	[05:38 10/01/2012]
Cold Play - I'll see you soon.mp3	--a---- 2746966 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Cold Play - In My Place.MP3	--a---- 3690624 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Cold Play - Nobody Said It Was Easy.mp3	--a---- 6186927 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Cold Play - Parachutes.mp3	--a---- 4340133 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Cold Play - Speed Of Sound.mp3	--a---- 6946944 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Cold play - The scientist.mp3	--a---- 4952119 bytes	[08:32 22/03/2009]	[18:32 13/04/2009]
Common ft. Will.I.Am - I Have A Dream.mp3	--a---- 4846925 bytes	[08:53 22/03/2009]	[18:33 13/04/2009]
Dance- Musica Electronica - tecno mix 2008.mp3	--a---- 3293145 bytes	[08:45 22/03/2009]	[18:43 13/04/2009]
David Guetta - Love is Gone (Radio Edit).mp3	--a---- 3162741 bytes	[07:19 22/03/2009]	[00:37 07/12/2008]
desktop.ini	---hs-- 394 bytes	[05:28 25/12/2008]	[04:36 26/05/2009]
Doors - Riders of the storm.mp3	--a---- 6912632 bytes	[21:53 30/07/2011]	[05:19 15/11/2011]
Doors - Touch Me.mp3	--a---- 3083457 bytes	[21:59 30/07/2011]	[07:55 17/11/2011]
Doors - When you're strange.mp3	--a---- 3031040 bytes	[21:38 30/07/2011]	[05:21 08/01/2012]
Doors-It's Not My Time.mp3	--a---- 3891379 bytes	[21:07 30/07/2011]	[21:07 30/07/2011]
Eagles - Best of my love.mp3	--a---- 4335210 bytes	[04:31 05/08/2011]	[04:31 05/08/2011]
Eagles - Sweet Home Alabama.mp3	--a---- 4804903 bytes	[04:25 05/08/2011]	[05:30 15/11/2011]
Eagles - Take it to the limit.mp3	--a---- 5845654 bytes	[04:36 05/08/2011]	[04:36 05/08/2011]
Eagles - Tequila Sunrise.mp3	--a---- 4124077 bytes	[05:27 05/08/2011]	[05:28 05/08/2011]
Earth, Wind and Fire - Disco Inferno.mp3	--a---- 6233034 bytes	[12:12 11/06/2009]	[20:14 14/06/2009]
Edward Maya - Desert Rain ( Official Version ) [www.insnd.net].mp3 --a---- 10334615 bytes	[04:42 04/12/2011]	[04:42 04/12/2011]
Edward Maya - A World Between Mirrors.mp3	--a---- 7222957 bytes	[04:56 04/12/2011]	[23:31 05/12/2011]
Edward Maya - Akcent (Stay With Me) - Hisongs.mp3	--a---- 12900755 bytes	[04:50 04/12/2011]	[04:51 04/12/2011]
Edward Maya - Stereo Love.mp3	--a---- 12856383 bytes	[05:06 04/12/2011]	[05:07 04/12/2011]
Eminem-I need a Doctor.mp3	--a---- 6854539 bytes	[19:18 25/07/2011]	[08:34 17/11/2011]
Enrique-Tonight Lovin You,mp3.mp3	--a---- 7407011 bytes	[05:50 26/07/2011]	[05:51 26/07/2011]
Enya - Only in Time.mp3	--a---- 3491299 bytes	[07:00 26/07/2011]	[07:00 26/07/2011]
Enya-Watermark.mp3	--a---- 2330752 bytes	[09:08 28/07/2011]	[05:30 11/09/2011]
Far East Movement - Rocketeer (feat. Ryan Tedder).mp3	--a---- 3717333 bytes	[04:22 12/12/2011]	[04:22 12/12/2011]
Far East Movement - Rocketeer.mp3	--a---- 8821535 bytes	[09:19 01/10/2011]	[09:20 01/10/2011]
Far East Movement - The Cataracs & Dev - Like A G6.mp3	--a---- 3520836 bytes	[04:22 12/12/2011]	[04:23 12/12/2011]
Far East Movement ft. The Cataracs & Dev - Like A G6.mp3	--a---- 8768106 bytes	[09:26 01/10/2011]	[09:26 01/10/2011]
Flo Rida - Good Feeling.mp3	--a---- 4134733 bytes	[09:15 01/10/2011]	[09:15 01/10/2011]
Flo RIda ft Akon - Who Dat Girl.mp3	--a---- 6402762 bytes	[08:45 01/10/2011]	[08:45 01/10/2011]
Flo Rida ft. T-Pain - Low.mp3	--a---- 3735387 bytes	[07:19 22/03/2009]	[18:43 13/04/2009]
Flo-Rida ft. T-Pain - Low (Apple Bottom Jeans).mp3	--a---- 3735387 bytes	[09:02 01/10/2011]	[09:03 01/10/2011]
Flo-Rida ft. T-Pain - Zoosk Girl.mp3	--a---- 7736469 bytes	[08:58 01/10/2011]	[08:59 01/10/2011]
Flo-Rida-Club Can't Handle Me.mp3	--a---- 9417555 bytes	[08:51 01/10/2011]	[08:52 01/10/2011]
French Music - Mireille Mathieu - La Vie En Rose .mp3	--a---- 3407092 bytes	[07:19 22/03/2009]	[18:43 13/04/2009]
Gipsy Kings & Strunz and Farrah.mp3	--a---- 4655232 bytes	[07:03 14/01/2012]	[07:02 14/01/2012]
Gipsy Kings - Baila Me.mp3	--a---- 3634434 bytes	[07:38 14/01/2012]	[07:38 14/01/2012]
Gipsy Kings - Bamboleo.mp3	--a---- 3296112 bytes	[06:14 13/01/2012]	[06:14 13/01/2012]
Gipsy Kings - Bem Bem.mp3	--a---- 5148384 bytes	[02:15 04/08/2011]	[05:16 11/01/2012]
Gipsy Kings - El Mariachi (Desperado).mp3	--a---- 2032256 bytes	[07:06 14/01/2012]	[07:06 14/01/2012]
Gipsy Kings - Espaniol Guitar.mp3	--a---- 4655232 bytes	[02:12 04/08/2011]	[02:12 04/08/2011]
Gipsy kings - Maria Dolores.mp3	--a---- 4501504 bytes	[07:22 13/01/2012]	[07:22 13/01/2012]
Gipsy Kings - Triste pena.mp3	--a---- 6847288 bytes	[08:30 14/01/2012]	[08:30 14/01/2012]
Gipsy Kings - Un Amor.mp3	--a---- 3506329 bytes	[06:26 13/01/2012]	[06:26 13/01/2012]
Gipsy Kings - Volare.mp3	--a---- 5271648 bytes	[07:31 13/01/2012]	[07:31 13/01/2012]
Gipsy Kings - Zorba the Greek.mp3	--a---- 2822144 bytes	[07:15 14/01/2012]	[07:15 14/01/2012]
Gypsy Kings - Djobi Djoba.mp3	--a---- 4092556 bytes	[07:10 14/01/2012]	[07:11 14/01/2012]
Heart - Alone.mp3	--a---- 7013784 bytes	[09:31 22/03/2009]	[18:33 13/04/2009]
Janet Jackson - Never Fall in Love Again.mp3	--a---- 3637248 bytes	[09:09 27/12/2011]	[09:09 27/12/2011]
Jason Mraz - I'm Yours.mp3	--a---- 4126179 bytes	[07:21 27/12/2011]	[07:21 27/12/2011]
Jay Sean - Yalla Asia.mp3	--a---- 3305659 bytes	[02:19 31/07/2011]	[02:21 31/07/2011]
Jennifer Lopez - My Love don't cost a thing.mp3	--a---- 3575808 bytes	[06:04 26/12/2011]	[06:04 26/12/2011]
Jennifer Lopez - On the Floor.mp3	--a---- 9294248 bytes	[22:35 25/07/2011]	[01:49 28/10/2011]
Jennifer Lopez - Waiting for Tonight.mp3	--a---- 5968234 bytes	[05:55 26/12/2011]	[06:12 26/12/2011]
Jordan Sparks feat. Chris Brown - No Air.mp3	--a---- 7216224 bytes	[07:19 22/03/2009]	[18:33 13/04/2009]
Joss Stone - At last.mp3	--a---- 3645683 bytes	[06:50 27/03/2009]	[18:33 13/04/2009]
Journey - Don't Stop Believin.mp3	--a---- 8040448 bytes	[04:33 02/08/2011]	[04:33 02/08/2011]
Journey - Faithfully.mp3	--a---- 4274189 bytes	[04:39 02/08/2011]	[04:39 02/08/2011]
Journey - Open Arms.mp3	--a---- 7407724 bytes	[05:11 02/08/2011]	[05:11 02/08/2011]
Justin Timbaland - Way I Are.wma	--a---- 2921801 bytes	[02:42 25/12/2008]	[21:05 05/12/2008]
Justin Timberlake - Cry Me A River.mp3	--a---- 4662751 bytes	[11:28 01/10/2011]	[11:28 01/10/2011]
Justin Timberlake - Its Too Late to apologize.mp3	--a---- 2443067 bytes	[11:20 01/10/2011]	[11:20 01/10/2011]
Justin Timberlake - My Love.mp3	--a---- 4424141 bytes	[11:01 01/10/2011]	[05:47 05/01/2012]
Justin Timberlake - Rock Your Body.mp3	--a---- 6469101 bytes	[09:57 01/10/2011]	[09:57 01/10/2011]
Justin Timberlake - Sexy back.mp3	--a---- 1459296 bytes	[11:16 01/10/2011]	[11:15 01/10/2011]
Justin Timberlake - Summer Love.mp3	--a---- 4083207 bytes	[10:19 01/10/2011]	[10:19 01/10/2011]
Justin Timberlake - What Goes Around .Comes Around.mp3	--a---- 8974464 bytes	[10:05 01/10/2011]	[10:06 01/10/2011]
Justin Timberlake TI ft. - Dead and Gone.mp3	--a---- 4797906 bytes	[10:41 01/10/2011]	[10:41 01/10/2011]
Kalan Porter - Down In Heaven.mp3	--a---- 2442440 bytes	[07:20 22/03/2009]	[18:34 13/04/2009]
Kansas - Dust in the Wind.mp3	--a---- 4924272 bytes	[05:49 04/08/2011]	[05:48 04/08/2011]
Kansas - Wayward Son.mp3	--a---- 5643949 bytes	[06:56 04/08/2011]	[06:56 04/08/2011]
Kanye West - Heartless.mp3	--a---- 3441740 bytes	[10:00 03/01/2012]	[10:01 03/01/2012]
Kanye West- Heartless.mp3	--a---- 5246258 bytes	[04:01 03/01/2012]	[04:01 03/01/2012]
Kate Perry - California Gurls.mp3	--a---- 7116232 bytes	[22:54 04/12/2011]	[22:55 04/12/2011]
Kate Perry - Hot N Cold.mp3	--a---- 5283968 bytes	[07:20 22/03/2009]	[18:34 13/04/2009]
Kate Perry - Last Friday Night.mp3	--a---- 5672084 bytes	[06:48 04/12/2011]	[07:55 04/12/2011]
Kate Perry - Teenage Dream.mp3	--a---- 3645056 bytes	[06:51 04/12/2011]	[06:51 04/12/2011]
Kate Perry-I kissed a girl.mp3	--a---- 2146161 bytes	[07:20 22/03/2009]	[18:43 13/04/2009]
Katy Perry - Firework.mp3	--a---- 3653760 bytes	[22:43 04/12/2011]	[22:43 04/12/2011]
Katy Perry - The One That Got Away.mp3	--a---- 9424978 bytes	[03:28 03/01/2012]	[03:29 03/01/2012]
Katy Perry - Ur So Gay.mp3	--a---- 5318156 bytes	[23:33 04/12/2011]	[23:33 04/12/2011]
Katy Perry - Waking Up In Vegas.mp3	--a---- 7974576 bytes	[06:55 04/12/2011]	[06:55 04/12/2011]
Kayne West - Stronger.mp3	--a---- 5516111 bytes	[07:20 22/03/2009]	[18:43 13/04/2009]
Keesha - Blow.mp3	--a---- 6171264 bytes	[22:07 21/09/2011]	[22:08 21/09/2011]
Keesha - My First Kiss.mp3	--a---- 3087132 bytes	[01:26 22/09/2011]	[01:27 22/09/2011]
Keesha - Paper Airplane.mp3	--a---- 2854769 bytes	[05:36 04/12/2011]	[05:36 04/12/2011]
Keesha - Take it Off.mp3	--a---- 5437569 bytes	[01:30 22/09/2011]	[01:31 22/09/2011]
Keesha - Tick Tock.mp3	--a---- 3189241 bytes	[22:28 21/09/2011]	[22:29 21/09/2011]
Keesha - We R who we R.mp3	--a---- 8437944 bytes	[00:33 22/09/2011]	[00:35 22/09/2011]
Keesha - Your love is my drug.mp3	--a---- 3005309 bytes	[18:55 21/09/2011]	[05:33 27/11/2011]
Keesha Feat. Travis McCoy - Want U Bad.mp3	--a---- 5055358 bytes	[05:26 04/12/2011]	[05:27 04/12/2011]
Keesha-Brittany - Till the world ends.mp3	--a---- 5685504 bytes	[01:57 22/09/2011]	[06:49 27/11/2011]
Kelly Clarkson - Because Of You.mp3	--a---- 3861408 bytes	[07:32 07/01/2012]	[07:32 07/01/2012]
Kelly Clarkson - Behind These Hazel Eyes.mp3	--a---- 4783377 bytes	[03:58 01/10/2011]	[21:08 29/11/2011]
Kelly Clarkson - Break Away.mp3	--a---- 5791262 bytes	[06:41 07/01/2012]	[06:42 07/01/2012]
Kelly Clarkson - Since You've Been Gone.mp3	--a---- 5448484 bytes	[10:26 04/01/2012]	[10:26 04/01/2012]
Kelly Clarkson - Walk Away.mp3	--a---- 3025024 bytes	[07:06 07/01/2012]	[07:07 07/01/2012]
Kelly Clarkson - What Doesn't Kill You.mp3	--a---- 8837953 bytes	[09:16 05/01/2012]	[06:31 07/01/2012]
Kevin Rudolf feat. Lil' Wayne - Let It Rock.mp3	--a---- 4724028 bytes	[07:20 22/03/2009]	[18:43 13/04/2009]
KOS - Sunday Morning.mp3	--a---- 5524304 bytes	[07:20 22/03/2009]	[18:34 13/04/2009]
Kreesha Turner - Don't Call Me Baby.mp3	--a---- 2458209 bytes	[20:51 10/01/2009]	[18:34 13/04/2009]
Lady Antebellum - Need U Now.mp3	--a---- 6510912 bytes	[08:22 27/12/2011]	[08:22 27/12/2011]
Lady Gaga - Bad Romance.mp3	--a---- 11830541 bytes	[08:10 03/01/2012]	[08:11 03/01/2012]
Lady GaGa - Just Dance (Feat Colby O'Donis & Akon).mp3	--a---- 2978991 bytes	[07:20 22/03/2009]	[23:35 04/12/2008]
Lady Gaga - Paparazzi.mp3	--a---- 3347357 bytes	[08:26 03/01/2012]	[08:26 03/01/2012]
Lady Gaga - pokerface.mp3	--a---- 5161847 bytes	[09:15 03/01/2012]	[09:16 03/01/2012]
Lady Gaga - You and I.mp3	--a---- 9888987 bytes	[09:35 03/01/2012]	[09:36 03/01/2012]
Lady Gaga Alejandro.mp3	--a---- 6873979 bytes	[09:53 03/01/2012]	[09:54 03/01/2012]
Lady Gaga feat. Beyoce - Telephone.mp3	--a---- 6191376 bytes	[09:45 03/01/2012]	[09:45 03/01/2012]
Lenny Kravitz---American Woman.mp3	--a---- 6237818 bytes	[07:21 22/03/2009]	[18:34 13/04/2009]
LMFAO - Party Rock Anthem.mp3	--a---- 10540108 bytes	[07:48 03/01/2012]	[07:49 03/01/2012]
Madonna - 4 Minutes.mp3	--a---- 3274385 bytes	[04:45 30/07/2011]	[21:05 05/12/2008]
Madonna - 4 Minutes.wma	--a---- 3274385 bytes	[06:11 22/03/2009]	[21:05 05/12/2008]
Madonna - Celebration.mp3	--a---- 5181568 bytes	[05:49 10/08/2011]	[05:50 10/08/2011]
Madonna - Commotion.mp3	--a---- 4204868 bytes	[04:50 10/08/2011]	[04:50 10/08/2011]
Madonna - Frozen.mp3	--a---- 5954442 bytes	[23:30 11/08/2011]	[23:31 11/08/2011]
Madonna - Las Isla Bonita.mp3	--a---- 5472538 bytes	[04:54 10/08/2011]	[04:54 10/08/2011]
Madonna - Live to Tell.mp3	--a---- 7651777 bytes	[05:34 10/08/2011]	[05:34 10/08/2011]
Madonna - Oh Father.mp3	--a---- 4775977 bytes	[23:37 11/08/2011]	[23:37 11/08/2011]
Madonna - Ray of Light.mp3	--a---- 5123792 bytes	[07:43 12/08/2011]	[07:45 12/08/2011]
Madonna - Vogue.mp3	--a---- 5079875 bytes	[07:35 12/08/2011]	[07:36 12/08/2011]
Maroon 5 - Moves Like A Jagger.mp3	--a---- 4906957 bytes	[10:05 03/01/2012]	[10:05 03/01/2012]
Maroon 5 - Moves Like Jagger.mp3	--a---- 3222234 bytes	[05:08 02/10/2011]	[05:08 02/10/2011]
Maroon 5 - She Will Be Loved.mp3	--a---- 2055585 bytes	[05:26 02/10/2011]	[05:26 02/10/2011]
MGMT - Time To Pretend.mp3	--a---- 4305024 bytes	[20:28 14/06/2009]	[20:35 14/06/2009]
Natasha Bedingfield - Love Like This Ft. Sean Kingston.mp3	--a---- 3587806 bytes	[03:33 13/01/2009]	[03:36 13/01/2009]
Natasha Bedingfield - Pocket Full Of Sunshine.mp3	--a---- 3248010 bytes	[20:54 10/01/2009]	[20:55 10/01/2009]
Natasha Bedingfield - Soulmate.mp3	--a---- 3434508 bytes	[03:33 13/01/2009]	[18:34 13/04/2009]
Natasha Bedingfield - Unwritten.mp3	--a---- 6231415 bytes	[03:33 13/01/2009]	[18:34 13/04/2009]
Ne-Yo- Closer.mp3	--a---- 5725248 bytes	[07:21 22/03/2009]	[18:35 13/04/2009]
Nelly Fertado Feat. Timbaland- Loose.mp3	--a---- 5942506 bytes	[07:49 22/03/2009]	[18:34 13/04/2009]
Nelly Fertado ft. Coldplay - All Good Things Come to an End Remix.mp3	--a---- 5269298 bytes	[07:50 22/03/2009]	[07:55 22/03/2009]
Nelly Furtado - All Good Things Come To An End.mp3	--a---- 4977540 bytes	[05:49 28/12/2011]	[05:50 28/12/2011]
Nelly Furtado - Do It.mp3	--a---- 6797311 bytes	[23:16 30/12/2008]	[18:58 30/07/2011]
Nelly Furtado - Say It Right.mp3	--a---- 5482822 bytes	[06:05 28/12/2011]	[06:06 28/12/2011]
Nelly Furtado - Turn Off the Light.mp3	--a---- 4225333 bytes	[06:53 28/12/2011]	[06:53 28/12/2011]
Nelly Furtado Ft. Timbaland - Promiscuous Girl..mp3	--a---- 7540770 bytes	[06:23 28/12/2011]	[06:25 28/12/2011]
Nickelback - Far Away.mp3	--a---- 7318860 bytes	[10:36 09/10/2011]	[10:37 09/10/2011]
Nickelback - Gotta Be Somebody.mp3	--a---- 8309866 bytes	[06:23 09/10/2011]	[10:20 09/10/2011]
Nickelback - If Everyone Cared.wma	--a---- 3513707 bytes	[07:22 25/12/2008]	[18:32 13/04/2009]
Nickelback - If Today Was Your Last Day.mp3	--a---- 5958886 bytes	[11:11 09/10/2011]	[11:12 09/10/2011]
Nickelback - Photograph.wma	--a---- 4177029 bytes	[07:22 25/12/2008]	[18:32 13/04/2009]
Nickelback - Rockstar.wma	--a---- 4117265 bytes	[07:22 25/12/2008]	[18:32 13/04/2009]
Nickelback - Shakin' Hands.mp3	--a---- 3526656 bytes	[01:20 11/10/2011]	[02:01 11/10/2011]
Nickelback feat. Santana - Into the night.mp3	--a---- 5313204 bytes	[08:45 02/01/2012]	[08:46 02/01/2012]
Norah Jones - Come Away With Me.mp3	--a---- 2979129 bytes	[07:09 27/03/2009]	[18:43 13/04/2009]
Norah Jones - Don't Know Why.mp3	--a---- 2677376 bytes	[07:09 27/03/2009]	[18:47 13/04/2009]
Norah Jones - Turn Me On.mp3	--a---- 2461824 bytes	[07:09 27/03/2009]	[07:11 27/03/2009]
Oliver Shanti - Journey To Schambala.mp3	--a---- 4449636 bytes	[07:12 02/08/2011]	[07:12 02/08/2011]
One Republic - Apologize.wma	--a---- 3011441 bytes	[01:56 25/12/2008]	[21:05 05/12/2008]
One Republic - Dreaming Out Loud.mp3	--a---- 4455230 bytes	[03:32 05/12/2008]	[18:35 13/04/2009]
One Republic - Stop & Stare.mp3	--a---- 3592914 bytes	[23:06 30/12/2008]	[18:35 13/04/2009]
Owl City - Fireflies.mp3	--a---- 3660170 bytes	[05:33 27/12/2011]	[05:34 27/12/2011]
Owl City - Vanilla Twilight.mp3	--a---- 1892717 bytes	[06:12 27/12/2011]	[06:12 27/12/2011]
P!nk - Raise Your Glass.mp3	--a---- 6534642 bytes	[07:59 27/12/2011]	[05:20 28/12/2011]
Phil Collins & Genesis - That's All.mp3	--a---- 4251136 bytes	[08:32 19/04/2009]	[08:33 19/04/2009]
Phil Collins - Against All Odds.mp3	--a---- 3323237 bytes	[08:29 19/04/2009]	[14:18 14/10/2011]
Phill Collins - In The Air Tonight.mp3	--a---- 5385950 bytes	[08:32 19/04/2009]	[08:33 19/04/2009]
Phill Collins- Separate Lives.mp3	--a---- 3949306 bytes	[08:32 19/04/2009]	[08:35 19/04/2009]
Pink - Fuking Perfect.mp3	--a---- 5147131 bytes	[07:52 27/12/2011]	[07:52 27/12/2011]
Pink - Please Don't Leave Me .mp3	--a---- 5566738 bytes	[05:13 28/12/2011]	[05:15 28/12/2011]
Pink - So What.mp3	--a---- 3432696 bytes	[07:21 22/03/2009]	[07:45 27/12/2011]
Pink- Get The Party Started.mp3	--a---- 3106944 bytes	[07:39 27/12/2011]	[07:39 27/12/2011]
*****cat Dolls - I Don't Need A Man.mp3	--a---- 6275782 bytes	[06:46 22/03/2009]	[18:35 13/04/2009]
*****cat Dolls - stick with you.mp3	--a---- 4947699 bytes	[07:21 22/03/2009]	[18:35 13/04/2009]
*****cat Dolls - When I Grow Up.mp3	--a---- 5804032 bytes	[07:21 22/03/2009]	[18:36 13/04/2009]
Rare Earth - get ready full version.mp3	--a---- 19739420 bytes	[23:36 04/12/2011]	[02:18 07/12/2011]
Rare Earth - I Just Want To Celebrate.mp3	--a---- 3454976 bytes	[07:47 27/03/2009]	[18:42 13/04/2009]
Rem - Everybody Hurts.mp3	--a---- 5129333 bytes	[06:47 29/12/2011]	[06:48 29/12/2011]
rem - losing my religion.mp3	--a---- 4303725 bytes	[07:58 29/12/2011]	[07:58 29/12/2011]
Right as Rain.mp3	--a---- 6268574 bytes	[04:05 27/12/2011]	[04:06 27/12/2011]
Rihanna & Young Jeezy - Hard.mp3	--a---- 4085366 bytes	[05:13 05/10/2011]	[09:48 04/01/2012]
Rihanna - Disturbia.mp3	--a---- 9546591 bytes	[05:09 05/10/2011]	[05:09 05/10/2011]
Rihanna - Don't stop the music.mp3	--a---- 5357696 bytes	[05:05 05/10/2011]	[05:15 05/10/2011]
Rihanna - Hate that I Love You (Feat. Ne-Yo.mp3	--a---- 5494784 bytes	[05:23 26/12/2011]	[05:23 26/12/2011]
Rihanna - Love the way you lie.mp3	--a---- 7243394 bytes	[05:16 05/10/2011]	[05:17 05/10/2011]
Rihanna - Man Down.mp3	--a---- 8130702 bytes	[06:24 26/12/2011]	[07:31 04/01/2012]
Rihanna - Only girl in the world.mp3	--a---- 5662256 bytes	[05:17 05/10/2011]	[05:17 05/10/2011]
Rihanna - Please Don't Stop The Music.mp3	--a---- 6944896 bytes	[07:21 22/03/2009]	[23:52 24/12/2008]
Rihanna - Pon de Replay.mp3	--a---- 6109677 bytes	[05:07 26/12/2011]	[05:08 26/12/2011]
Rihanna - Rude Boy.mp3	--a---- 3694595 bytes	[03:40 11/10/2011]	[03:41 11/10/2011]
Rihanna - S&M.mp3	--a---- 9781710 bytes	[05:08 26/12/2011]	[05:42 26/12/2011]
Rihanna - SOS.mp3	--a---- 5769344 bytes	[05:16 26/12/2011]	[06:51 04/01/2012]
Rihanna - T.I. feat Live Your Life.mp3	--a---- 3867001 bytes	[05:22 28/12/2011]	[05:22 28/12/2011]
Rihanna - Take a Bow.mp3	--a---- 3732461 bytes	[20:39 24/12/2008]	[13:27 09/10/2011]
Rihanna - Umbrella (No Rap Edit).mp3	--a---- 5442291 bytes	[05:03 05/10/2011]	[05:10 05/10/2011]
Rihanna - Unfaithful.mp3	--a---- 6063784 bytes	[04:56 05/10/2011]	[05:01 05/10/2011]
Rihanna - We Found Love (Feat. Calvin Harris).mp3	--a---- 8649489 bytes	[01:28 03/01/2012]	[06:10 04/01/2012]
Rihanna - We Ride.mp3	--a---- 5837468 bytes	[05:19 26/12/2011]	[05:19 26/12/2011]
Rihanna - What's My Name.mp3	--a---- 6195451 bytes	[05:18 05/10/2011]	[05:19 05/10/2011]
Rihanna- Shut Up and Drive.mp3	--a---- 5421184 bytes	[07:22 22/03/2009]	[09:20 27/03/2009]
Salt 'N Peppa with TLC - Whatta Man.mp3	--a---- 4939904 bytes	[06:21 22/03/2009]	[09:20 27/03/2009]
Santana - Black Magic Woman.mp3	--a---- 4705088 bytes	[08:14 02/01/2012]	[08:14 02/01/2012]
Santana - Europa samba.mp3	--a---- 4930585 bytes	[09:30 02/01/2012]	[09:30 02/01/2012]
Santana - Evil Ways.mp3	--a---- 3757163 bytes	[08:19 02/01/2012]	[08:19 02/01/2012]
Santana - Oye Como Va.mp3	--a---- 6199424 bytes	[23:52 02/01/2012]	[23:53 02/01/2012]
Santana - Smooth.mp3	--a---- 5760911 bytes	[08:35 02/01/2012]	[08:36 02/01/2012]
Sara Bareilles - Love Song.mp3	--a---- 6215808 bytes	[07:33 27/12/2011]	[07:33 27/12/2011]
Sean Kingston - Take You There.mp3	--a---- 4740809 bytes	[07:22 22/03/2009]	[00:24 07/12/2008]
Sean Paul Ft. Keshia Cole-Give It Up To Me (Step Up Soundtrack).mp3	--a---- 7814777 bytes	[07:22 22/03/2009]	[09:20 27/03/2009]
Shaggy - Feel The Rush.mp3	--a---- 4846356 bytes	[07:54 22/03/2009]	[18:42 13/04/2009]
Simple Plan - Your Love Is A Lie.mp3	--a---- 3762446 bytes	[01:39 07/12/2011]	[01:39 07/12/2011]
Spinners - Ain't No Woman (Like The One I've Got).mp3	--a---- 7483987 bytes	[01:13 27/03/2009]	[18:42 13/04/2009]
Spinners - The Rubberband Man.mp3	--a---- 3463562 bytes	[01:12 27/03/2009]	[01:13 27/03/2009]
Spinners - Then Came You.mp3	--a---- 3833918 bytes	[01:13 27/03/2009]	[18:42 13/04/2009]
Stars on 45 - Long Version.mp3	--a---- 25828563 bytes	[07:32 24/09/2011]	[07:36 24/09/2011]
Sting - Desert Rose.mp3	--a---- 4580135 bytes	[07:31 27/03/2009]	[09:20 27/03/2009]
Sting - Shape Of My Heart.mp3	--a---- 4543726 bytes	[07:32 27/03/2009]	[09:20 27/03/2009]
super tramp - supertramp - take a look at my girlfriend.mp3	--a---- 2569316 bytes	[07:22 22/03/2009]	[09:20 27/03/2009]
The All American Rejects - Gives You Hell.mp3	--a---- 3388951 bytes	[07:22 22/03/2009]	[09:20 27/03/2009]
The Spinners - Could It Be I'm Falling In Love.mp3	--a---- 4044800 bytes	[01:12 27/03/2009]	[18:32 13/04/2009]
The Spinners - I'll Be Around.mp3	--a---- 3074120 bytes	[01:11 27/03/2009]	[18:42 13/04/2009]
Three Days Grace - Never Too Late.mp3	--a---- 5881856 bytes	[20:58 10/01/2009]	[18:32 13/04/2009]
Toto - Africa.mp3	--a---- 4196772 bytes	[08:37 22/03/2009]	[18:32 13/04/2009]
Yves Larock - Children Of The Sun (Vandalism Remix).mp3	--a---- 14306183 bytes	[06:45 22/03/2009]	[06:46 22/03/2009]
Yves Larock - Rise Up (Original Radio Edit).mp3	--a---- 5261107 bytes	[07:22 22/03/2009]	[18:42 13/04/2009]

No folders found.

========== file ==========

C:\WINDOWS\system32\drivers\TrueSight.sys - File found and opened.
MD5: F69641EFDB19ACB4753B0155F7FDEED5
Created at 07:59 on 08/01/2012
Modified at 21:02 on 14/01/2012
Size: 111872 bytes
Attributes: --a--c-
No version information available.

-= EOF =-


----------



## ep2002 (Oct 31, 2006)

Ok, LOL, how come you guys don't just have us upload files to here? B/c that means we have to create a new membership there, but that's fine. I don't even know what a hedgehog is 

So that's done.

Another thing I wanted to upload here is this thing that a techie guy (he thought he was a techie, but I think he's more of hardware guy than anything) installed this black window that opens whenever I reboot.

It's been broken for several months now so should we uninstall it?

Here's a SS.

Thanks & I hope you are having a good day.


Michelle


----------



## ep2002 (Oct 31, 2006)

Hi there,

Now my MS media player is not working <sigh>

Michelle


----------



## eddie5659 (Mar 19, 2001)

Okay, leave OTL for now.

Also, it looks like it can't find the location of the folders Banned and fe19a24640db537895a48aa9e4d1fd. Can you get the details for me, by right-clicking on the folders, and selecting Properties.

As for the 'The Car' folder, if you only want the album art gone, we'll do that now:

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
AlbumArtSmall.jpg
AlbumArt_{039FDA74-793F-434C-98BB-302EFCCB6BB5}_Large.jpg
AlbumArt_{039FDA74-793F-434C-98BB-302EFCCB6BB5}_Small.jpg
AlbumArt_{04758E2C-04DE-41E6-B945-26E4CDD3A1CB}_Large.jpg
AlbumArt_{04758E2C-04DE-41E6-B945-26E4CDD3A1CB}_Small.jpg
AlbumArt_{09D2AB11-CC56-4394-B150-17113434708A}_Large.jpg
AlbumArt_{09D2AB11-CC56-4394-B150-17113434708A}_Small.jpg
AlbumArt_{0A0B70F4-AA3C-48FF-B440-70925C53A4A0}_Small.jpg
AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Large.jpg
AlbumArt_{0B5F1FE5-C942-4323-930F-A95BD4BF247F}_Small.jpg
AlbumArt_{1777A97A-C389-41C9-B311-CD5978BC9A1D}_Large.jpg
AlbumArt_{1777A97A-C389-41C9-B311-CD5978BC9A1D}_Small.jpg
AlbumArt_{2210B659-8CAF-433D-A7CD-1EAC6F695A4E}_Large.jpg
AlbumArt_{2210B659-8CAF-433D-A7CD-1EAC6F695A4E}_Small.jpg
AlbumArt_{29F64F20-1446-479A-A70C-137C155A43FD}_Large.jpg
AlbumArt_{29F64F20-1446-479A-A70C-137C155A43FD}_Small.jpg
AlbumArt_{2D0281D0-5B60-4CDB-8305-4E09D85841CD}_Large.jpg
AlbumArt_{2D0281D0-5B60-4CDB-8305-4E09D85841CD}_Small.jpg
AlbumArt_{318448BE-9D03-4EB2-A01C-B4FB7C1916C3}_Large.jpg
AlbumArt_{318448BE-9D03-4EB2-A01C-B4FB7C1916C3}_Small.jpg
AlbumArt_{34FD2354-88E9-4860-AF22-7025000E0FBF}_Large.jpg
AlbumArt_{34FD2354-88E9-4860-AF22-7025000E0FBF}_Small.jpg
AlbumArt_{363416FA-845A-4CCF-997C-593D9A26F004}_Large.jpg
AlbumArt_{363416FA-845A-4CCF-997C-593D9A26F004}_Small.jpg
AlbumArt_{3AC5F9E4-658A-4141-89AF-8C20DCCC53A0}_Large.jpg
AlbumArt_{3AC5F9E4-658A-4141-89AF-8C20DCCC53A0}_Small.jpg
AlbumArt_{3B1B1322-1D67-49F8-B99D-9CF177C17E25}_Large.jpg
AlbumArt_{3B1B1322-1D67-49F8-B99D-9CF177C17E25}_Small.jpg
AlbumArt_{44A48110-BCCC-4869-B62E-072CC2B8CB4C}_Large.jpg
AlbumArt_{44A48110-BCCC-4869-B62E-072CC2B8CB4C}_Small.jpg
AlbumArt_{4A088018-3D89-4483-B635-67B2AB50E945}_Large.jpg
AlbumArt_{4A088018-3D89-4483-B635-67B2AB50E945}_Small.jpg
AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Large.jpg
AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Small.jpg
AlbumArt_{53108605-9E3F-4BF0-BC52-3EEBBED12D98}_Large.jpg
AlbumArt_{53108605-9E3F-4BF0-BC52-3EEBBED12D98}_Small.jpg
AlbumArt_{55694816-A02E-43E4-BF85-C05DE514824C}_Large.jpg
AlbumArt_{55694816-A02E-43E4-BF85-C05DE514824C}_Small.jpg
AlbumArt_{57F3A7F1-00BB-4F90-B59C-C12C1771FEDC}_Large.jpg
AlbumArt_{57F3A7F1-00BB-4F90-B59C-C12C1771FEDC}_Small.jpg
AlbumArt_{60806CBD-1AC1-4DA7-95D7-6BC2648B7019}_Large.jpg
AlbumArt_{60806CBD-1AC1-4DA7-95D7-6BC2648B7019}_Small.jpg
AlbumArt_{67AC618B-4202-44CE-B8C8-4CB93293B745}_Large.jpg
AlbumArt_{67AC618B-4202-44CE-B8C8-4CB93293B745}_Small.jpg
AlbumArt_{69D5840C-6CBE-4580-AA4C-B0064DC83AE8}_Large.jpg
AlbumArt_{69D5840C-6CBE-4580-AA4C-B0064DC83AE8}_Small.jpg
AlbumArt_{7C966C21-3F9B-4F62-89F0-5001F6874C08}_Large.jpg
AlbumArt_{7C966C21-3F9B-4F62-89F0-5001F6874C08}_Small.jpg
AlbumArt_{7DB5EBCC-60C1-4F74-8E8F-736292FB0223}_Large.jpg
AlbumArt_{7DB5EBCC-60C1-4F74-8E8F-736292FB0223}_Small.jpg
AlbumArt_{7F5135FA-BD2F-413F-AA32-E45786933541}_Large.jpg
AlbumArt_{7F5135FA-BD2F-413F-AA32-E45786933541}_Small.jpg
AlbumArt_{8159C3AF-1120-4B4A-BA7E-FA1BA11F774C}_Large.jpg
AlbumArt_{8159C3AF-1120-4B4A-BA7E-FA1BA11F774C}_Small.jpg
AlbumArt_{866F7EC7-163A-4791-BB41-8081A3C9DF2B}_Large.jpg
AlbumArt_{866F7EC7-163A-4791-BB41-8081A3C9DF2B}_Small.jpg
AlbumArt_{9805E048-C781-4D3B-806A-B6FEB1983DFB}_Large.jpg
AlbumArt_{9805E048-C781-4D3B-806A-B6FEB1983DFB}_Small.jpg
AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Large.jpg
AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Small.jpg
AlbumArt_{AD428ED1-51B7-486B-8A57-5BD6F80F3395}_Large.jpg
AlbumArt_{AD428ED1-51B7-486B-8A57-5BD6F80F3395}_Small.jpg
AlbumArt_{B1D58CCC-6613-473D-86DE-ECCD4B9C6A3B}_Large.jpg
AlbumArt_{B1D58CCC-6613-473D-86DE-ECCD4B9C6A3B}_Small.jpg
AlbumArt_{B6607DA7-4518-4D5F-B602-AA1368780B95}_Large.jpg
AlbumArt_{B6607DA7-4518-4D5F-B602-AA1368780B95}_Small.jpg
AlbumArt_{C4A2B350-58D1-47F5-B124-246730B0E76E}_Large.jpg
AlbumArt_{C4A2B350-58D1-47F5-B124-246730B0E76E}_Small.jpg
AlbumArt_{D1006935-0869-4E78-9904-29B295BFD87F}_Large.jpg
AlbumArt_{D1006935-0869-4E78-9904-29B295BFD87F}_Small.jpg
AlbumArt_{D6773DA1-D4E7-41C7-9326-EA40D32A8398}_Large.jpg
AlbumArt_{D6773DA1-D4E7-41C7-9326-EA40D32A8398}_Small.jpg
AlbumArt_{DAAA0DAC-9BD9-4313-9A37-89C0FCF5BA56}_Large.jpg
AlbumArt_{DAAA0DAC-9BD9-4313-9A37-89C0FCF5BA56}_Small.jpg
AlbumArt_{DD9CDA92-6EB9-4DDA-B023-9BB913E2C024}_Large.jpg
AlbumArt_{DD9CDA92-6EB9-4DDA-B023-9BB913E2C024}_Small.jpg
AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Large.jpg
AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Small.jpg
AlbumArt_{E0B2DCF4-E7F5-4B3A-8F9F-FDBAF801EA70}_Large.jpg
AlbumArt_{E0B2DCF4-E7F5-4B3A-8F9F-FDBAF801EA70}_Small.jpg
AlbumArt_{EBAAD4B3-582A-406D-857F-70E248E67D7A}_Large.jpg
AlbumArt_{EBAAD4B3-582A-406D-857F-70E248E67D7A}_Small.jpg
AlbumArt_{EC5F2BD8-E111-4C24-88F8-16D062F227C0}_Large.jpg
AlbumArt_{EC5F2BD8-E111-4C24-88F8-16D062F227C0}_Small.jpg
AlbumArt_{FA714659-31A1-4F6C-8CF3-C68455F48AFA}_Large.jpg
AlbumArt_{FA714659-31A1-4F6C-8CF3-C68455F48AFA}_Small.jpg
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Large.jpg
AlbumArt_{FF1D2E96-DE54-444F-B327-0339F70B3F0E}_Small.jpg
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

------------------------------

We use that site as they're dedicated in checking files, as it takes certain types of software and skill to determine what the file is, where it came from, and the type of infection it causes 

---

Back on this reply:

http://forums.techguy.org/8210515-post18.html

We were talking about this on startup:

"c:\dostools\rmtemp.bat"

Now, you've just replied with a screenshot of a tool that is running from a command DOS prompt, which I believe is the same thing.

I'm going to see if someone can take a look at the screenshot of the details that are not hidden, to see what it does. Do you know why it was installed, and what he said it does?

eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, spoken to someone about the program at startup, and as its a bat file, can you post the contents of it?

Just right-click on it, select *Edit* and Copy/paste the contents here.


----------



## ep2002 (Oct 31, 2006)

Ok, whenever I go to properties I don't really see a path other than E:, so I took a SS & am pasting it here. I actually took a SS of the entire drive b/c I see other weird things, but not sure if they should be there or not, like msdownld, SMRTNTKY, althought .txt files & .dll files.

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

Ok, huge problems again.

Ran OTM the first time, it closed down MBAM & crashed, so I had to do a cold reboot.

Then when I rebooted, I made sure ALL the windows (not necessarily applications) were closed & ran it again.

When I got back to the computer like 10 min. later, I had a blank blue screen which means the login window was gone. I've had that problem in the past where computer is completely blank blue (not the blue of death, the one that shows up on the background when you log into your computer.

I attributed that to the video card issues, but maybe all this time it wasn't, maybe it WAS something seizing the computer.

Also last night I had issues with shockwave flash. I was listening to music on that site I think I gave you & kept getting errors that the plugin was gone.

I went & DLed it & reinstalled it & had the same issue, but once I rebooted everything was fine <scary> 

As for the .bat file, it runs thru whatever it's doing & then disappears, so when I right click on it, nothing comes up.

So am I to assume that those "art" files are the cause of a lot (or all) of the problems on the computer & that's why we can't delete them b/c they are trying to seize hold of the computer?

That's 2 programs now that can't work  OTL & OTM <maybe it's just all programs that start with the letter "O" that is the problem LOL> Not funny I know.

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

Ok, I had tried to look for the _OTM area on C drive & it wasn't there, but then I happened across it by accident. It's on the D drive.

I looked into the 2 folders that must have been created when I tried to run it & they are both empty. Just so you know.


Michelle


----------



## eddie5659 (Mar 19, 2001)

Okay, as tools are not running, can you run this to see if something is hidden:

Please download GetPartitions from the link bellow on your desktop

getpartitions.exe

Double click to run it 
It will produce *C:\DiskReport.txt* log please post results from that log here to me

------

Also, make sure MBAM and any antivirus programs have scanning disabled, as it looks like its conflicting. You can turn it on again after:


Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*


----------



## eddie5659 (Mar 19, 2001)

At work at the moment, but the bat file is here:

c:\dostools\rmtemp.bat

So, if you right-click that and select Edit, just copy/paste here 

eddie


----------



## ep2002 (Oct 31, 2006)

Oops sorry, dahh LOL I was trying to do it while the thing was running.

Ok, here's that...

DEL %SystemRoot%\MEMORY.DMP /F
ATTRIB C:\*.SQM -R -S -H +A
DEL C:\*.SQM
rd /s/q %TEMP%
rd /s/q %TMP%
rd /s/q %SystemRoot%\TEMP
md %TEMP%
md %TMP%
md %SYSTEMROOT%\TEMP
SET SRC1=C:\Documents and Settings
SET SRC2=Local Settings\Temporary Internet Files\Content.IE5
SET SRC3=Local Settings\History

FOR /D %%X IN ("%SRC1%\*") DO FOR /D %%Y IN ("%%X\%SRC2%\*.*") DO RMDIR /S /Q "%%Y"
FOR /D %%X IN ("%SRC1%\*") DO FOR /D %%Y IN ("%%X\%SRC3%\*.*") DO RMDIR /S /Q "%%Y"
FOR /D %%X IN ("%SRC1%\*") DO FOR %%Y IN ("%%X\%SRC3%\*.*") DO DEL /F /S /Q "%%Y"


C:
CD %SYSTEMROOT%
DEL .\system32\spool\PRINTERS\*.* /f /s /q
rd "%SYSTEMROOT%\SoftwareDistribution\Download" /s/q
md "%SYSTEMROOT%\SoftwareDistribution\Download"
rd "%SYSTEMROOT%\System32\SoftwareDistribution\Download" /s/q
md "%SYSTEMROOT%\System32\SoftwareDistribution\Download"


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Okay, as tools are not running, can you run this to see if something is hidden:
> 
> Please download GetPartitions from the link bellow on your desktop
> 
> ...


Ok, I'm getting a 404 from that link you gave me.


----------



## eddie5659 (Mar 19, 2001)

You have a lot of add-ons running, which could be causing the script problems, and the slowness.

Also, is this the same computer as this one:

http://www.bleepingcomputer.com/forums/topic359807.html

Plus, just to double-check, are you based in Panama, as there is an IP address pointing there, and just checking you're not based in Canada, as the Location says 

Using SystemLook, can you run the following code for me:


```
:filefind
*Toolbar4*
*ChitChat*
*RelevantKnowledge*
:folderfind
*Toolbar4*
*ChitChat*
*RelevantKnowledge*
:regfind
*Toolbar4*
*ChitChat*
*RelevantKnowledge*
```
----------------

Can you then update Adobe Reader by going here and downloading the latest version:

http://get.adobe.com/uk/reader/otherversions/

You also seem to have your firewall disabled. Either use a free one, eg:

*Online Armor Free*

Or use Windows Firewall, which is just as good:

http://windows.microsoft.com/en-GB/windows-vista/Turn-Windows-Firewall-on-or-off

----

Do you run this program on a regular basis: *Defraggler*

Uninstall these programs because they're not needed or are outdated or are dangerous to use.

If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later 

Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

http://www.edbott.com/weblog/?p=643

-----------

Also, do you have SystemFiles showing, as the Album art are actually hidden files, that if they can't be deleted, are actually linked to the actual music. For instance, when you pop the cd into the drive, and play on WMP, you may see the CD cover showing in the playback details.

To check, do this:

In Windows Explorer, click on Tools | Folder Options. Then, View tab. Under Files and Folders, see if *Hide protected operating system files (Recommended)* is unticked. If it is, tick it, apply and ok.

The reason the other folders may not be deletable, is that they could be actual system files, and in doing so may cause the pc all sorts of problems.

Ah, yes you do have them showing (I'm typing this as I go thru the thread completly, so up to this part now  )

Here:

http://forums.techguy.org/8223051-post37.html

Can you see the SMRTNTKY folder on the screenshot? Well, just below it is a folder that looks very pale, called System Volume Information. This is a system file, and shouldn't be showing.

This is about the SMRTNTKY folder:

http://support.microsoft.com/kb/878475

---------

Can you do this for your router:

Update MBAM, then disconnect your system from the internet, and your router, then start MBAM and run a quick scan, as before.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you dont know the router's default password, you can look it up  HERE 

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out  this site here  for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

-------

Yep, see that the link is dead 

Can you do this instead:

Please download *MBRCheck.exe* to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:



> Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type *N* and press *Enter*. A report will be produced on the desktop. Post that report in your next reply.

=================

eddie


----------



## Squashman (Apr 4, 2003)

Batch file is harmless.


----------



## eddie5659 (Mar 19, 2001)

Thanks Squashman :up:


Okay, you can remove that if its not working anymore


----------



## ep2002 (Oct 31, 2006)

Ok, not sure which add-ons you are talking about. In Fx or TB?

IMO I don't have a lot running as I disabled quite a few. Of course everything is relative. If you have very few, then you may think 7 is a lot, whereas I don't & I need every add-on I have (generally unless it's something I install & just forget about).

If you are talking about something else, pls. let me know.

Yes, that's the same computer as back in 2010.

I'm in Panama now, yes. 

I don't use firewalls online anymore. I used to use ZA & stopped b/c it was causing problems with a program (don't ask me which one, I can't remember).

I have heard over the years that I don't need a firewall. I have the one via the router. I even read an article by a serious geek about a month ago that said they are a waste of time & are only for people who don't know any better.

I won't use Window's, I don't trust windows for anything, although I do have to use Word & Excel.

I am exhausted, but wanted to at least respond to something in your list for now.

I'll try to finish up tomorrow.

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Thanks Squashman :up:
> 
> Okay, you can remove that if its not working anymore


Please tell me how to remove it.

Just thought about it... delete it from C drive where you told me to look before?

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

SystemLook 30.07.11 by jpshortstuff
Log created at 00:15 on 18/01/2012 by Michelle
Administrator - Elevation successful

========== filefind ==========

Searching for "*Toolbar4*"
No files found.

Searching for "*ChitChat*"
No files found.

Searching for "*RelevantKnowledge*"
No files found.

========== folderfind ==========

Searching for "*Toolbar4*"
C:\Documents and Settings\Michelle\Application Data\Toolbar4	d----c-	[20:49 02/01/2012]
C:\Qoobox\Quarantine\C\Documents and Settings\Michelle\Application Data\Toolbar4	d----c-	[20:34 02/01/2012]

Searching for "*ChitChat*"
C:\Qoobox\Quarantine\C\Program Files\ChitChat Toolbar	d----c-	[20:34 02/01/2012]

Searching for "*RelevantKnowledge*"
No folders found.

========== regfind ==========

Searching for "*Toolbar4*"
No data found.

Searching for "*ChitChat*"
No data found.

Searching for "*RelevantKnowledge*"
No data found.

-= EOF =-


----------



## ep2002 (Oct 31, 2006)

I think I've answered everything except below. I answered all of this, then the computer crashed, so I have to do it all over again.



eddie5659 said:


> Can you then update Adobe Reader by going here and downloading the latest version:
> 
> http://get.adobe.com/uk/reader/otherversions/


Ok, re: this...

When X came out, it caused major problems & that's why I never updated. Do you still want me to update it?



eddie5659 said:


> Do you run this program on a regular basis: *Defraggler*
> 
> Uninstall these programs because they're not needed or are outdated or are dangerous to use.
> 
> ...


I don't use deffragler, not b/c I don't want to, but b/c I completely forgot about it, but considering how much I use the computer shouldn't I be defragging?

I spent about 30 minutes researching the software & only one person had a negative review about it.

I don't understand how that is any different than using MSs defrag tool other than it's faster & more efficient. Pls. explain.

I don't use things to change the registry, CC Cleaner I used to use & this I used once or twice.

I asked in another post whether you think deffraging in general is dangerous.

-----------



eddie5659 said:


> This is about the SMRTNTKY folder:


Ok, I see that greyed out folder, what do you want me to do to get rid of it? Use the instructions on this link below?

http://support.microsoft.com/kb/878475

---------



eddie5659 said:


> Can you do this for your router:


Oh pls. don't make me do this.

This router is brand new. It's about 2 months old & when we hooked it up, I started from scratch, I made sure she told me how to lock it down tight & I even changed the user name/p/w. My computer was a problem prior to the router, so I don't feel this is the issue. I even locked it down back in 2010 & changed the p/w then.

If you want me to still run a scan with the router unplugged, I can do that.



eddie5659 said:


> However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings.


I have a laptop, but no one has ever tried to clean it since the desktop was always more important (for work) & I was told to wait until the desktop was fixed first.

Not understanding which steps you want me to take to clean the laptop since we've tried so many things already. 



eddie5659 said:


> Please download *MBRCheck.exe* to your Desktop. Run the application.


Ok, this crashed the computer. At first i thought it was b/c I had windows open & a song playing, but once I rebooted & had no windows at all open, just the software, it just hung where that cursor was blinking & then I couldn't even start Fx, TB, go to a file, nothing, so I had to reboot again.

This is scary 

Thank you Eddie

Michelle


----------



## eddie5659 (Mar 19, 2001)

For the Add-ons, you have a few running, but only for Fx. However, although they shouldn't cause any slowness, I was thinking along the lines of the script error you were getting. Maybe one of them has become corrupted.

And I agree about the relative part, as I have a few running on Fx, but none for IE 

Well, in my honest opinion, and the majority of security people out there, a firewall is a musthave in todays society. A few years ago, before torrent/file sharing etc, the amount of malicious stuff out there was very small, but lately its not.

Although it can't stop you clicking a link etc, what it can do is stop trojans etc from getting out.

ZA is now bundled with conduit, so I never suggest using it anymore, but windows firewall is very good. But, if the router has one, make sure its fully configured 

As for the article by a serious geek, do you have the link?

--

For the bat file, its showing as here:

*c:\dostools\rmtemp.bat*

So, you should be able to locate it and delete it. However, we have a few folders to remove, so we can do it at the same time 

Have you re-installed Toolbar4, as we removed it originally as its considered malware, but its showing in the systemlook log as installed 02/01/2012.

---

There have been a few updates to Adobe Reader over the past months, but its up to you. It should be okay to leave it as it was.

As for defraggler, its fine if you don't use it. Its just some people use these tools to 'speed' the computers up, but end up having more problems. Defragging is a good idea, I tend to check to see if this needs doing now and then.

--

For the greyed out folder underneath SMRTNTKY, do not delete it. Its is a system file, so if you do this, it will hide them again:

In Windows Explorer, click on Tools | Folder Options. Then, View tab. Under Files and Folders, see if *Hide protected operating system files (Recommended)* is unticked. If it is, tick it, apply and ok.

--

The reason I mentioned the router part, is that you said this here:



> 10. In my router had 2 ports opened called RC1 & RC2 ports 5060 to 5090 & 8000 to 8200 (This isnt a problem that needs to be fixed, but its very suspicious, as I have no idea why this was there) I deleted them while on the phone with Linksys.


In the first post. However, if its all done, we'll ignore that part.

===============

As that tool has also failed to run, there is either something blocking them, or it needs a cleanup.

So, can you run this:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

And also do this:

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.

Then, can you use OTM and remove the bat file, in case its conflicting, as follows:

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
c:\dostools\rmtemp.bat
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

===============

Then, after doing the above to clear-up the tmp files etc, can you download these two tools to your desktop:

Download aswMBR.exe ( 511KB ) to your desktop.

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Can you boot to safe mode as follows:

_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. 
Use your up arrow key to highlight SafeMode then hit *enter*_*.*​
Then, whilst there, run the tools as follows:

--

* aswMBR*

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan 









On completion of the scan click save log, save it to your desktop and post in your next reply 









--


Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters*.










Check the boxes beside *Verify Driver Digital Signature and Detect TDLFS* file system, then click OK.










Click the *Start Scan* button.










If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.










If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.










Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply

====

eddie


----------



## ep2002 (Oct 31, 2006)

Holy blank, this was a long one LOL

I'll get what I can done tonight, but I have to crash soon. Been a long day 



eddie5659 said:


> For the Add-ons, you have a few running, but only for Fx. However, although they shouldn't cause any slowness, I was thinking along the lines of the script error you were getting. Maybe one of them has become corrupted.


Yes, but I thought it was something with TB, not Fx. How do we pinpoint it? I thought it was one specific add-on, I removed that & then a month or two later another error showed up again.

I don't use IE btw, not unless I'm forced to by some company that has no idea what they are doing & only if I'm testing it. I'd use Chrome over IE any day.



eddie5659 said:


> Well, in my honest opinion, and the majority of security people out there, a firewall is a musthave in todays society. A few years ago, before torrent/file sharing etc, the amount of malicious stuff out there was very small, but lately its not.
> 
> Although it can't stop you clicking a link etc, what it can do is stop trojans etc from getting out.
> 
> ZA is now bundled with conduit, so I never suggest using it anymore, but windows firewall is very good. But, if the router has one, make sure its fully configured


Ok, fine, I've DLed armor all. I have to figure out how to use it & I hope I remember to do upgrades b/c I know I'll forget & I can't afford the paid version right now.

Pls. tell me what to do to make sure my router is full configured.



eddie5659 said:


> As for the article by a serious geek, do you have the link?


Sorry, I never kept it. I don't keep that kind of thing around & it was b4 I met you, otherwise I would have sent it to you 

He was basically saying most people have no clue what is pinging their computer anyway (all true), so even if they let something in it may be dangerous, or it could hinder work, plus the amount of time it takes up just to keep on top of everything is a pain in the a**

I agree with him, although I haven't used one in several years, so I hope it's not going to be like that now.

--



eddie5659 said:


> *c:\dostools\rmtemp.bat*


Done, but didn't see any other folders listed to remove.



eddie5659 said:


> Have you re-installed Toolbar4, as we removed it originally as its considered malware, but its showing in the systemlook log as installed 02/01/2012.


I have no clue what toolbar4 is. I don't have toolbars on my computer. They drive me crazy, so I've never had them. Pls. explain.



eddie5659 said:


> As for defraggler, its fine if you don't use it. Its just some people use these tools to 'speed' the computers up, but end up having more problems. Defragging is a good idea, I tend to check to see if this needs doing now and then.


Well how do you know when it needs to be done? I assume it always needs to be done.

So it's ok to use then? Like I said, I haven't done it in so long, the poor machine is probably freaking on me.

--



eddie5659 said:


> In Windows Explorer, click on Tools | Folder Options. Then, View tab. Under Files and Folders, see if *Hide protected operating system files (Recommended)* is unticked. If it is, tick it, apply and ok.


Ticked



eddie5659 said:


> The reason I mentioned the router part, is that you said this here:


Yes, well that scared me, b/c I had the router locked down & then I find out it wasn't. So how did that happen? That's why I felt I was being hacked, b/c I KNOW it was locked down. I did it myself.

I deleted/removed those 2 ports. Should I go in & check to make sure there's nothing open again? If there is, you have to help me figure out who's hacking. <sigh>



eddie5659 said:


> As that tool has also failed to run, there is either something blocking them, or it needs a cleanup.


I'm posting this for fear I'll lose it again when cleaning stuff up.


----------



## ep2002 (Oct 31, 2006)

Ok, Online Armor had me go thru what it's finding & so spent a lot of time trying to figure what is safe & what isn't.

Here's what I wasn't sure about...

http://www.hex2bit.com/products/product_mcw.asp
MS Extra Links - devicehandbook.exe

Erunt

Ultra tag editor - tageditor.exe

I.R.I.S OCR Registration - regipe.exe

ASUS Game Face Live - gameface.exe - I thought this was for the MB or something, but doesn't sound like it to me, but they also have ASUS SmartDoctor.exe & ASUS Video Security.exe
catalyst control center

https://www.maestro.fm/help - I know what this is, just wondering if it's dangerous at all b/c it's about music
mspicons.exe

How do I get the auto run for logmein turned off? I don't want to delete the software, but I certainly don't need it starting when I start the computer. I rarely use it.

Remotely Anywhere - Armor says it's there in autorun, but why can't I see it in add/remove programs?

listener.exe - my computer isn't Sony, so what's it doing on my computer?

Are these all ok below? They are on autorun

atkkbnt.sys
ATKKBService.exe
BanTExt.sys
Control Center Program
DgiVecp.sys
EIO.sys
LMIRfsDriver.sys
RaInfo.sys
rmtemp.bat

Thanks

Michelle


----------



## eddie5659 (Mar 19, 2001)

For the Add-Ons etc, this is where they are:

http://forums.techguy.org/8206192-post12.html

In the section called:

========== FireFox ==========

eg:

[2011/12/17 10:25:22 | 000,000,000 | ---D | M] *(SeoQuake)* -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}

So, this is SeoQuake. As you can see, there are quite a few.

--

For the router, the best thing is to make sure that the password is not an easy one, and that the security settings are enabled. If you can tell me the make/model, I'll see if I can find out the full settings you need 



> Done, but didn't see any other folders listed to remove.


Its okay, there wasn't amy others there 

As for Toolbar4, we'll remove it again. Maybe it didn't fully remove the first time.

As for the defragging, if you analyse the system it normally tells you how defragged it is, and in Win7, it may say you don't need to. However, leave it for the moment, as I think it may be something else, as its been going on for a while (as I saw the other thread).

*Hide protected operating system files (Recommended)*

You say its ticked, is that a case of it wasn't before but now it is? If so, that's good 

As for the open ports, you could have a quick look to see if any are open, just to be sure 

-----

What I will suggest is, before you run any of the tools that I've posted, can you turn off MBAM realtime scanner as follows:

Right-click on the MBAM icon in the systray, chose Exit and then click Yes at the prompt asking "Are you sure you want to disable the MBAM Protection Module?"

To re-enable, right-click on the MBAM icon in the systray and select Enable Protection. Right-click again and select Start with Windows.

Then, open up Task manager by either Ctrl-Alt-Del, or by right-clicking on the taskbar and selecting Task Manager.

In there, click on Processes, and locate the entry for MBAM, rightclick and select End Process.

-------

Now, for the Online Armour stuff, most are okay, but for specific stuff, I've mentioned them below:

*I.R.I.S OCR Registration - regipe.exe*

Now this looks to be just the registration for your scanner software. Its not needed to access the web, but its basically a prompt asking you to register.

*rmtemp.bat*

This is the file that you need to remove, as I posted with the OTM program previously. Just remember to disable MBAM as stated above before doing so.

*listener.exe *

Although this is for Sony, it is also from Intel. It may be related to a program on your system.

*Remotely Anywhere *

Now, in the first reply of this post, you said this:

After someone helped to logically think things thru & he actually saw it happen while he was in my computer remotely, he figured out it was a conflict between Fx & SA & the timeout or reboot function.

So, it may/may not be a leftover from a tool that was used.

You have this listed in the firewall policy:

Teamviewer Remote Control Application

and here in AddRemove Programs:

TeamViewer 6

http://www.teamviewer.com/en/index.aspx

However, that is a different program. Do you have the name of the file its stating is for the program?

* auto run for logmein *

We can disable that easily, just go to Control Panel | Adminsistrative Tools | Services.

In the list, locate *LogMeIn* and right-click on it and select Properties. Then, in the drop-down menu select Manual, Apply and OK.

It'll take effect when you restart Windows 

-----------------

If you can run the other tools (disabling MBAM) that would be great


----------



## ep2002 (Oct 31, 2006)

Ok, I'll do this in sections.

A lot of the add-ons aren't enabled & I don't remember why I disabled them. It was either b/c they hadn't been updated when a new version of Fx came out, or b/c I was concerned it was causing problems or just b/c I didn't use them.

I guess you want me to remove them?

Here's a list of what's on & off. (see attached)

The router is the E1200

The p/w isn't the MOST complex, but it's got numbers in there.

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

Ok, more bad news...

So I wasn't sure which order you wanted me to do things in since I didn't complete the tasks from the previous thread since I was trying to get Armor running properly (with no false alarms) & that led to me trying to figure out what's good or bad on the computer.

Anyway, I got to the point of you wanting me to shut down MBAM & 4 times it froze my computer.

I was able to disable it of course, but every time I went to end the process MBAMServices.exe, it would crash everything except if I had music playing in the background.

At first I thought it was b/c of the music, then I thought it was b/c Armor was running the background, but then the 3rd & 4th time nothing was running.

So that task is SOL.

Also, TB has been causing problems for a while now where it won't load. I have to end up killing the process & clicking on TB's icon again to get it finally load.

When I did that just now, I got the script error again (told you it was TB , so I'm attaching that.

I'll work on TFC now & try to get thru the old tasks & the programs you want me to delete.

Thanks


Mich


----------



## ep2002 (Oct 31, 2006)

Ok, so here's what happened...

TLC wouldn't work (or at least I don't think it did). I tried it 3 times & it just hung everything, didn't reboot, I had to do a cold reboot each time.

I went into Safe Mode & did both, but with TDSKiller, there is no continue & then another screen that says cure. Once you press continue, that's it. I went back & looked at the drop down menu & no cure there, so I just had to skip.

Here are the logs...

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-21 23:27:54
-----------------------------
23:27:54.562 OS Version: Windows 5.1.2600 Service Pack 3
23:27:54.562 Number of processors: 2 586 0xF06
23:27:54.562 ComputerName: EXOTIC-3C629299 UserName: Michelle
23:27:54.937 Initialize success
23:28:06.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
23:28:06.500 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
23:28:06.531 Disk 0 MBR read successfully
23:28:06.562 Disk 0 MBR scan
23:28:06.578 Disk 0 Windows XP default MBR code
23:28:06.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 151260 MB offset 63
23:28:06.640 Disk 0 Partition - 00 0F Extended LBA 325677 MB offset 309781395
23:28:06.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 146255 MB offset 309781458
23:28:06.703 Disk 0 Partition - 00 05 Extended 179421 MB offset 609313320
23:28:06.734 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 179421 MB offset 609313383
23:28:06.781 Disk 0 scanning sectors +976768065
23:28:06.859 Disk 0 scanning C:\WINDOWS\system32\drivers
23:28:12.218 Service scanning
23:28:15.531 Modules scanning
23:28:18.328 Disk 0 trace - called modules:
23:28:18.453 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys 
23:28:18.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aebc958]
23:28:18.640 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000074[0x8aebdb00]
23:28:18.718 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\00000073[0x8af5b650]
23:28:18.812 Scan finished successfully
23:29:12.531 Disk 0 MBR has been saved successfully to "D:\Notes\ASWMBR\MBR.dat"
23:29:12.546 The log file has been saved successfully to "D:\Notes\ASWMBR\aswMBR-01-21-12.txt"


----------



## ep2002 (Oct 31, 2006)

23:32:00.0406 1712	TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
23:32:00.0406 1712	============================================================
23:32:00.0406 1712	Current date / time: 2012/01/21 23:32:00.0406
23:32:00.0406 1712	SystemInfo:
23:32:00.0406 1712	
23:32:00.0406 1712	OS Version: 5.1.2600 ServicePack: 3.0
23:32:00.0406 1712	Product type: Workstation
23:32:00.0406 1712	ComputerName: EXOTIC-3C629299
23:32:00.0406 1712	UserName: Michelle
23:32:00.0406 1712	Windows directory: C:\WINDOWS
23:32:00.0406 1712	System windows directory: C:\WINDOWS
23:32:00.0406 1712	Processor architecture: Intel x86
23:32:00.0406 1712	Number of processors: 2
23:32:00.0406 1712	Page size: 0x1000
23:32:00.0406 1712	Boot type: Safe boot
23:32:00.0406 1712	============================================================
23:32:00.0734 1712	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:32:00.0843 1712	Initialize success
23:32:08.0531 1780	============================================================
23:32:08.0531 1780	Scan started
23:32:08.0531 1780	Mode: Manual; SigCheck; TDLFS; 
23:32:08.0531 1780	============================================================
23:32:08.0765 1780	Abiosdsk - ok
23:32:08.0781 1780	abp480n5 - ok
23:32:08.0843 1780	ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:32:08.0984 1780	ACPI - ok
23:32:09.0031 1780	ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:32:09.0109 1780	ACPIEC - ok
23:32:09.0125 1780	adpu160m - ok
23:32:09.0156 1780	aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:32:09.0234 1780	aec - ok
23:32:09.0265 1780	AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:32:09.0265 1780	AFD - ok
23:32:09.0281 1780	Aha154x - ok
23:32:09.0296 1780	aic78u2 - ok
23:32:09.0296 1780	aic78xx - ok
23:32:09.0359 1780	AliIde - ok
23:32:09.0375 1780	amsint - ok
23:32:09.0406 1780	Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:32:09.0484 1780	Arp1394 - ok
23:32:09.0484 1780	asc - ok
23:32:09.0500 1780	asc3350p - ok
23:32:09.0500 1780	asc3550 - ok
23:32:09.0578 1780	asuskbnt (f984f8bba45745e77ee0fc8a425bd417) C:\WINDOWS\system32\drivers\atkkbnt.sys
23:32:09.0578 1780	asuskbnt ( UnsignedFile.Multi.Generic ) - warning
23:32:09.0578 1780	asuskbnt - detected UnsignedFile.Multi.Generic (1)
23:32:09.0593 1780	AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:32:09.0671 1780	AsyncMac - ok
23:32:09.0687 1780	atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:32:09.0781 1780	atapi - ok
23:32:09.0796 1780	Atdisk - ok
23:32:09.0906 1780	ati2mtag (2d11242de84e5136fdff4a74510dba33) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:32:10.0062 1780	ati2mtag - ok
23:32:10.0093 1780	Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:32:10.0171 1780	Atmarpc - ok
23:32:10.0203 1780	audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:32:10.0281 1780	audstub - ok
23:32:10.0328 1780	avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:32:10.0343 1780	avgntflt - ok
23:32:10.0390 1780	avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:32:10.0406 1780	avipbb - ok
23:32:10.0421 1780	avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
23:32:10.0437 1780	avkmgr - ok
23:32:10.0484 1780	BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
23:32:10.0484 1780	BANTExt ( UnsignedFile.Multi.Generic ) - warning
23:32:10.0484 1780	BANTExt - detected UnsignedFile.Multi.Generic (1)
23:32:10.0515 1780	Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:32:10.0593 1780	Beep - ok
23:32:10.0656 1780	BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
23:32:10.0671 1780	BrScnUsb - ok
23:32:10.0703 1780	BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\WINDOWS\system32\DRIVERS\BrSerIb.sys
23:32:10.0703 1780	BrSerIb - ok
23:32:10.0734 1780	BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys
23:32:10.0734 1780	BrUsbSIb - ok
23:32:10.0843 1780	catchme - ok
23:32:10.0875 1780	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:32:10.0953 1780	cbidf2k - ok
23:32:10.0953 1780	cd20xrnt - ok
23:32:10.0984 1780	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:32:11.0062 1780	Cdaudio - ok
23:32:11.0109 1780	Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:32:11.0187 1780	Cdfs - ok
23:32:11.0218 1780	Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:32:11.0234 1780	Cdrom - ok
23:32:11.0234 1780	Changer - ok
23:32:11.0265 1780	CmdIde - ok
23:32:11.0296 1780	Cpqarray - ok
23:32:11.0406 1780	cpuz129 - ok
23:32:11.0421 1780	cpuz135 - ok
23:32:11.0453 1780	dac2w2k - ok
23:32:11.0453 1780	dac960nt - ok
23:32:11.0500 1780	DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
23:32:11.0515 1780	DgiVecp ( UnsignedFile.Multi.Generic ) - warning
23:32:11.0515 1780	DgiVecp - detected UnsignedFile.Multi.Generic (1)
23:32:11.0546 1780	Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:32:11.0625 1780	Disk - ok
23:32:11.0656 1780	dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:32:11.0765 1780	dmboot - ok
23:32:11.0781 1780	dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:32:11.0859 1780	dmio - ok
23:32:11.0875 1780	dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:32:11.0953 1780	dmload - ok
23:32:11.0984 1780	DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:32:12.0062 1780	DMusic - ok
23:32:12.0078 1780	dpti2o - ok
23:32:12.0109 1780	drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:32:12.0187 1780	drmkaud - ok
23:32:12.0218 1780	EIO (e41f6ac72e597e5f87b4a9ab0d8ab8bc) C:\WINDOWS\system32\drivers\EIO.sys
23:32:12.0218 1780	EIO ( UnsignedFile.Multi.Generic ) - warning
23:32:12.0218 1780	EIO - detected UnsignedFile.Multi.Generic (1)
23:32:12.0234 1780	Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:32:12.0328 1780	Fastfat - ok
23:32:12.0343 1780	Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:32:12.0421 1780	Fdc - ok
23:32:12.0437 1780	Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:32:12.0515 1780	Fips - ok
23:32:12.0531 1780	Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:32:12.0609 1780	Flpydisk - ok
23:32:12.0671 1780	FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:32:12.0750 1780	FltMgr - ok
23:32:12.0765 1780	Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:32:12.0843 1780	Fs_Rec - ok
23:32:12.0906 1780	Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:32:12.0984 1780	Ftdisk - ok
23:32:13.0015 1780	Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:32:13.0093 1780	Gpc - ok
23:32:13.0140 1780	GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
23:32:13.0140 1780	GTNDIS5 ( UnsignedFile.Multi.Generic ) - warning
23:32:13.0140 1780	GTNDIS5 - detected UnsignedFile.Multi.Generic (1)
23:32:13.0171 1780	HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:32:13.0250 1780	HDAudBus - ok
23:32:13.0296 1780	HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:32:13.0375 1780	HidUsb - ok
23:32:13.0390 1780	hpn - ok
23:32:13.0437 1780	HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:32:13.0453 1780	HPZid412 - ok
23:32:13.0468 1780	HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:32:13.0468 1780	HPZipr12 - ok
23:32:13.0500 1780	HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:32:13.0515 1780	HPZius12 - ok
23:32:13.0578 1780	HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:32:13.0593 1780	HTTP - ok
23:32:13.0609 1780	i2omgmt - ok
23:32:13.0625 1780	i2omp - ok
23:32:13.0656 1780	i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:32:13.0734 1780	i8042prt - ok
23:32:13.0750 1780	Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:32:13.0828 1780	Imapi - ok
23:32:13.0843 1780	ini910u - ok
23:32:13.0984 1780	IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:32:14.0156 1780	IntcAzAudAddService - ok
23:32:14.0171 1780	IntelIde - ok
23:32:14.0203 1780	intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:32:14.0281 1780	intelppm - ok
23:32:14.0296 1780	Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:32:14.0375 1780	Ip6Fw - ok
23:32:14.0406 1780	IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:32:14.0484 1780	IpFilterDriver - ok
23:32:14.0500 1780	IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:32:14.0578 1780	IpInIp - ok
23:32:14.0593 1780	IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:32:14.0671 1780	IpNat - ok
23:32:14.0703 1780	IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:32:14.0781 1780	IPSec - ok
23:32:14.0796 1780	IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:32:14.0828 1780	IRENUM - ok
23:32:14.0859 1780	isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:32:14.0937 1780	isapnp - ok
23:32:14.0953 1780	Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:32:15.0031 1780	Kbdclass - ok
23:32:15.0062 1780	kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:32:15.0140 1780	kbdhid - ok
23:32:15.0156 1780	kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:32:15.0234 1780	kmixer - ok
23:32:15.0265 1780	KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:32:15.0265 1780	KSecDD - ok
23:32:15.0281 1780	lbrtfdc - ok
23:32:15.0453 1780	LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) D:\Notes\LogMeIn\x86\RaInfo.sys
23:32:15.0453 1780	LMIInfo - ok
23:32:15.0500 1780	lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
23:32:15.0500 1780	lmimirr - ok
23:32:15.0515 1780	LMIRfsClientNP - ok
23:32:15.0515 1780	LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
23:32:15.0531 1780	LMIRfsDriver - ok
23:32:15.0578 1780	MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
23:32:15.0593 1780	MBAMProtector - ok
23:32:15.0625 1780	mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:32:15.0703 1780	mnmdd - ok
23:32:15.0734 1780	Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:32:15.0812 1780	Modem - ok
23:32:15.0843 1780	Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:32:15.0921 1780	Mouclass - ok
23:32:15.0937 1780	mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:32:16.0015 1780	mouhid - ok
23:32:16.0031 1780	MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:32:16.0093 1780	MountMgr - ok
23:32:16.0109 1780	mraid35x - ok
23:32:16.0125 1780	MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:32:16.0203 1780	MRxDAV - ok
23:32:16.0265 1780	MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:32:16.0296 1780	MRxSmb - ok
23:32:16.0312 1780	Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:32:16.0390 1780	Msfs - ok
23:32:16.0421 1780	MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:32:16.0500 1780	MSKSSRV - ok
23:32:16.0515 1780	MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:32:16.0593 1780	MSPCLOCK - ok
23:32:16.0593 1780	MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:32:16.0671 1780	MSPQM - ok
23:32:16.0703 1780	mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:32:16.0781 1780	mssmbios - ok
23:32:16.0796 1780	Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:32:16.0812 1780	Mup - ok
23:32:16.0828 1780	NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:32:16.0906 1780	NDIS - ok
23:32:16.0937 1780	NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:32:16.0937 1780	NdisTapi - ok
23:32:16.0953 1780	Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:32:17.0031 1780	Ndisuio - ok
23:32:17.0046 1780	NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:32:17.0125 1780	NdisWan - ok
23:32:17.0156 1780	NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:32:17.0156 1780	NDProxy - ok
23:32:17.0171 1780	NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:32:17.0250 1780	NetBIOS - ok
23:32:17.0265 1780	NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:32:17.0343 1780	NetBT - ok
23:32:17.0390 1780	NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:32:17.0468 1780	NIC1394 - ok
23:32:17.0484 1780	Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:32:17.0562 1780	Npfs - ok
23:32:17.0578 1780	npkcrypt - ok
23:32:17.0625 1780	Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:32:17.0718 1780	Ntfs - ok
23:32:17.0750 1780	Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:32:17.0828 1780	Null - ok
23:32:17.0843 1780	nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
23:32:17.0859 1780	nvata - ok
23:32:17.0875 1780	NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:32:17.0890 1780	NVENETFD - ok
23:32:17.0921 1780	nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:32:17.0921 1780	nvnetbus - ok
23:32:17.0953 1780	NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:32:18.0031 1780	NwlnkFlt - ok
23:32:18.0046 1780	NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:32:18.0125 1780	NwlnkFwd - ok
23:32:18.0171 1780	OADevice (43d99d58cbadbedebb95069caf6189ca) C:\WINDOWS\system32\drivers\OADriver.sys
23:32:18.0171 1780	OADevice - ok
23:32:18.0203 1780	oahlpXX (f030e19809a764cae883050d2de42805) C:\WINDOWS\system32\drivers\oahlp32.sys
23:32:18.0203 1780	oahlpXX - ok
23:32:18.0218 1780	OAmon (8e2a8fe08e0c5aacf59c8ec08f639b46) C:\WINDOWS\system32\drivers\OAmon.sys
23:32:18.0234 1780	OAmon - ok
23:32:18.0250 1780	OAnet (e68e3c7dd3f2a40b9ad142070fb21edb) C:\WINDOWS\system32\drivers\OAnet.sys
23:32:18.0250 1780	OAnet - ok
23:32:18.0312 1780	ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:32:18.0390 1780	ohci1394 - ok
23:32:18.0421 1780	Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:32:18.0500 1780	Parport - ok
23:32:18.0500 1780	PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:32:18.0593 1780	PartMgr - ok
23:32:18.0640 1780	ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:32:18.0703 1780	ParVdm - ok
23:32:18.0734 1780	PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:32:18.0812 1780	PCI - ok
23:32:18.0812 1780	PCIDump - ok
23:32:18.0828 1780	PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:32:18.0906 1780	PCIIde - ok
23:32:18.0921 1780	Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:32:19.0000 1780	Pcmcia - ok
23:32:19.0031 1780	PDCOMP - ok
23:32:19.0046 1780	PDFRAME - ok
23:32:19.0046 1780	PDRELI - ok
23:32:19.0062 1780	PDRFRAME - ok
23:32:19.0078 1780	perc2 - ok
23:32:19.0093 1780	perc2hib - ok
23:32:19.0140 1780	PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:32:19.0218 1780	PptpMiniport - ok
23:32:19.0250 1780	Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:32:19.0312 1780	Ptilink - ok
23:32:19.0328 1780	ql1080 - ok
23:32:19.0343 1780	Ql10wnt - ok
23:32:19.0343 1780	ql12160 - ok
23:32:19.0359 1780	ql1240 - ok
23:32:19.0375 1780	ql1280 - ok
23:32:19.0406 1780	RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:32:19.0468 1780	RasAcd - ok
23:32:19.0500 1780	Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:32:19.0578 1780	Rasl2tp - ok
23:32:19.0593 1780	RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:32:19.0671 1780	RasPppoe - ok
23:32:19.0687 1780	Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:32:19.0750 1780	Raspti - ok
23:32:19.0765 1780	Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:32:19.0843 1780	Rdbss - ok
23:32:19.0859 1780	RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:32:19.0937 1780	RDPCDD - ok
23:32:19.0984 1780	rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:32:20.0062 1780	rdpdr - ok
23:32:20.0109 1780	RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:32:20.0125 1780	RDPWD - ok
23:32:20.0140 1780	redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:32:20.0218 1780	redbook - ok
23:32:20.0250 1780	Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
23:32:20.0265 1780	Revoflt - ok
23:32:20.0312 1780	RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
23:32:20.0312 1780	RT73 ( UnsignedFile.Multi.Generic ) - warning
23:32:20.0312 1780	RT73 - detected UnsignedFile.Multi.Generic (1)
23:32:20.0312 1780	RT80x86 - ok
23:32:20.0359 1780	Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:32:20.0406 1780	Secdrv - ok
23:32:20.0453 1780	Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
23:32:20.0453 1780	Ser2pl ( UnsignedFile.Multi.Generic ) - warning
23:32:20.0453 1780	Ser2pl - detected UnsignedFile.Multi.Generic (1)
23:32:20.0468 1780	serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:32:20.0546 1780	serenum - ok
23:32:20.0562 1780	Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:32:20.0625 1780	Serial - ok
23:32:20.0671 1780	sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
23:32:20.0734 1780	sermouse - ok
23:32:20.0781 1780	Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:32:20.0859 1780	Sfloppy - ok
23:32:20.0875 1780	Simbad - ok
23:32:20.0921 1780	Sparrow - ok
23:32:20.0953 1780	splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:32:21.0031 1780	splitter - ok
23:32:21.0046 1780	sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:32:21.0093 1780	sr - ok
23:32:21.0125 1780	Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:32:21.0140 1780	Srv - ok
23:32:21.0203 1780	ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:32:21.0218 1780	ssmdrv - ok
23:32:21.0218 1780	SSPORT - ok
23:32:21.0265 1780	swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:32:21.0343 1780	swenum - ok
23:32:21.0375 1780	swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:32:21.0453 1780	swmidi - ok
23:32:21.0468 1780	symc810 - ok
23:32:21.0484 1780	symc8xx - ok
23:32:21.0484 1780	sym_hi - ok
23:32:21.0500 1780	sym_u3 - ok
23:32:21.0531 1780	sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:32:21.0609 1780	sysaudio - ok
23:32:21.0656 1780	tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\WINDOWS\system32\DRIVERS\tapvpn.sys
23:32:21.0656 1780	tapvpn ( UnsignedFile.Multi.Generic ) - warning
23:32:21.0656 1780	tapvpn - detected UnsignedFile.Multi.Generic (1)
23:32:21.0703 1780	Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:32:21.0718 1780	Tcpip - ok
23:32:21.0734 1780	TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:32:21.0812 1780	TDPIPE - ok
23:32:21.0828 1780	TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:32:21.0906 1780	TDTCP - ok
23:32:21.0921 1780	TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:32:21.0984 1780	TermDD - ok
23:32:22.0015 1780	TosIde - ok
23:32:22.0062 1780	TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
23:32:22.0078 1780	TrueSight ( UnsignedFile.Multi.Generic ) - warning
23:32:22.0078 1780	TrueSight - detected UnsignedFile.Multi.Generic (1)
23:32:22.0093 1780	Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:32:22.0171 1780	Udfs - ok
23:32:22.0171 1780	ultra - ok
23:32:22.0218 1780	Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:32:22.0296 1780	Update - ok
23:32:22.0343 1780	USBAAPL - ok
23:32:22.0375 1780	usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
23:32:22.0453 1780	usbaudio - ok
23:32:22.0468 1780	usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:32:22.0546 1780	usbccgp - ok
23:32:22.0562 1780	usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:32:22.0640 1780	usbehci - ok
23:32:22.0640 1780	usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:32:22.0718 1780	usbhub - ok
23:32:22.0734 1780	usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:32:22.0812 1780	usbohci - ok
23:32:22.0859 1780	usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:32:22.0937 1780	usbprint - ok
23:32:22.0968 1780	usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:32:23.0046 1780	usbscan - ok
23:32:23.0062 1780	usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:32:23.0140 1780	usbstor - ok
23:32:23.0171 1780	usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:32:23.0250 1780	usb_rndisx - ok
23:32:23.0265 1780	VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:32:23.0343 1780	VgaSave - ok
23:32:23.0359 1780	ViaIde - ok
23:32:23.0390 1780	Video3D (9fe6c63d22abfea5c1d2b3efb9d31619) C:\WINDOWS\system32\Drivers\Video3D.sys
23:32:23.0390 1780	Video3D ( UnsignedFile.Multi.Generic ) - warning
23:32:23.0390 1780	Video3D - detected UnsignedFile.Multi.Generic (1)
23:32:23.0390 1780	VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:32:23.0468 1780	VolSnap - ok
23:32:23.0500 1780	Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:32:23.0578 1780	Wanarp - ok
23:32:23.0593 1780	WDICA - ok
23:32:23.0640 1780	wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:32:23.0718 1780	wdmaud - ok
23:32:23.0796 1780	WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:32:23.0812 1780	WpdUsb - ok
23:32:23.0828 1780	WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:32:23.0890 1780	WS2IFSL - ok
23:32:23.0921 1780	WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:32:23.0921 1780	WudfPf - ok
23:32:23.0968 1780	WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:32:23.0984 1780	WudfRd - ok
23:32:24.0031 1780	MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:32:24.0203 1780	\Device\Harddisk0\DR0 - ok
23:32:24.0203 1780	Boot (0x1200) (8fde0ce03976391469de841621b51a3a) \Device\Harddisk0\DR0\Partition0
23:32:24.0203 1780	\Device\Harddisk0\DR0\Partition0 - ok
23:32:24.0218 1780	Boot (0x1200) (eb56d64d1202ce57e4b6bfa5460c19eb) \Device\Harddisk0\DR0\Partition1
23:32:24.0218 1780	\Device\Harddisk0\DR0\Partition1 - ok
23:32:24.0234 1780	Boot (0x1200) (fbdc793b87a6e0fcdd69ddbb136b09c2) \Device\Harddisk0\DR0\Partition2
23:32:24.0250 1780	\Device\Harddisk0\DR0\Partition2 - ok
23:32:24.0250 1780	============================================================
23:32:24.0250 1780	Scan finished
23:32:24.0250 1780	============================================================
23:32:24.0359 1772	Detected object count: 10
23:32:24.0359 1772	Actual detected object count: 10
23:33:06.0312 1772	asuskbnt ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0312 1772	asuskbnt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0312 1772	BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0312 1772	BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0328 1772	DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0328 1772	DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0328 1772	EIO ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0328 1772	EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0328 1772	GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0328 1772	GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0343 1772	RT73 ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0343 1772	RT73 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0343 1772	Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0343 1772	Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0343 1772	tapvpn ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0343 1772	tapvpn ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0343 1772	TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0343 1772	TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:06.0359 1772	Video3D ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:06.0359 1772	Video3D ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:13.0031 1708	Deinitialize success


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> *Remotely Anywhere *
> 
> Now, in the first reply of this post, you said this:
> 
> ...


What's a firewall policy?



eddie5659 said:


> Teamviewer Remote Control Application
> 
> and here in AddRemove Programs:
> 
> ...


Right, that is a different program. For some reason it's not showing up in Armor anymore as an auto run.

Unfortunately the rmtemp.bat won't go away. I deleted it twice from the recycle bin & then where it was found on C drive after that & now Armor found it again. I'm running Armor again to see if it's just b/c I hadn't deleted it before it ran the first part of the system check.

It found it again <sigh>

Now that I see what starts on startup, I'm confused about all these things that I've never heard of before.

I need to know what these are, safe or otherwise (I realize most work with windows, but I don't know for sure)...

Ati HotKey Poller
ATK Keyboard Service
Background Intelligent Transfer Service
Bomgar Support Customer Client [1291058205]
Bonjour Service
BrYNSvc
ClipBook
COM+ Event System
COM+ System Application
Computer Browser
CryptSvc
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Error Reporting Service
IPSEC Services
Java Quick Starter
Logical Disk Manager
NLS Service
Plug and Play
Pml Driver HPZ12 - I uninstalled all HP stuff since I no longer have HP & have boycotted them. Not sure why this is still there.
Protected Storage
Remote Procedure Call (RPC)
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
System Event Notification
System Restore Service
Themes
WebClient
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Wireless Zero Configuration
Workstation

There's still many things that Armor found that I need to know about if they are ok to keep. I gave you a list earlier & you only mentioned 2-3 of them. If you didn't say anything about them, do I just leave them?

Also I can't find Canon Photostitch. It's coming up in Armor, but it's not in add/remove under Canon or PhotoStitch. I did do a search so it is there, but I don't know how to remove that. Do I just delete it from Documents & settings? See SS

Thanks

Michelle


----------



## eddie5659 (Mar 19, 2001)

Which version of Firefox are you running, as looking at the first screenshot, it shows that 2 of the add-ons are not compatible with 9.0.1

Also, Bookmark Backup says that for Firefox 1.5 and later, this isn't needed:



> Note: Firefox 1.5 (and later) makes its own backup of your bookmarks, therefore this add-on is only useful if you want to backup other settings or to control where the backups are stored.


http://www.pikey.me.uk/mozilla/?addon=bookmark-backup

---

As for the files/process that Armour is finding, most of these are legit. However, I'm concerned about MBAM. Is this the paid for version or the free trial version?

Looking at the beginning, you have had this installed all the time, and running. If you have your details for this, can you uninstall it, and then see if TFC program will run.

If it does allow it to run, I'll contact the developers, and let them know it may have a bug.

Also, before you do uninstall it, can you tell me which version it is?

Don't reinstall it, as it may still cause the problems.


----------



## ep2002 (Oct 31, 2006)

Ok, so you aren't going to go thru the lists I gave you? They are all ok?

MBAM - version 1.60.0.1800 & yes it's the paid version.

Fx 1.0.9

I just reinstalled it in fact b/c twice now in the last few months I've gotten errors where the DB couldn't upgrade or something like that.

Let me know what you want me to do next.

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

It looks like its an issue with MBAM crashing on any tools that people use. Its not just you, as I've had 2 otehrs with the same problem, and a few other helpers have seen it as well.

If you can just uninstall it, don't reinstall but see if TFC will work. If it does, leave MBAM uninstalled whilst we fix the rest of the problems.

I'll look at the lists etc when I get home


----------



## ep2002 (Oct 31, 2006)

Ok, that worked thank gawd. Took a while. Geeze, must have been a ton there.

Do I reinstall MBAM?

Also I believe I have several questions in my last 2-3 posts that weren't answered. Can you find time to do that pls. I don't want to forget about them if we move onto something else.

Thanks 


Michelle


----------



## ep2002 (Oct 31, 2006)

Hi,

You there?

Now I'm having HUGE problems with Word. I tell it to print the page I'm on (the cursor is there) & it prints the first page.

I tell it to print page 1, it prints both pages <sigh>

Hope you are ok 

Michelle


----------



## eddie5659 (Mar 19, 2001)

Sorry, working long hours at work, so getting back late 


Okay, firstly MBAM. Good news that the tool works, but don't reinstall it yet, as we can now finally run the other tools, and remove the malware that can be causing all the other problems 

Don't worry about the other posts, I haven't forgotten them. I'll reply with parts about the malware removal first, and once that's all gone, we can work on the other problems 

Including Word 

Which version of Word are you using, and just in case its the printer at fault, the make and model of the printer?

---

Give me a minute or two to go thru the entire thread, to see what needs to be done first. I'll add them on my next reply 


Back in a bit


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like we never have removed anything, as OTL and a few others failed to run with MBAM installed.

So, can you delete the copy of OTL that you have, and download a fresh one from here:

*OTL*


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


Only one log may be produced.

Then, can you do this:

Open HijackThis, click Config, click Misc Tools 
Click "*Open Uninstall Manager*" 
Click "Save List" (generates *uninstall_list.txt*) 
Click Save, copy and paste the results in your next post.

eddie


----------



## ep2002 (Oct 31, 2006)

Sorry for the delay, I'm in the middle of a move.

The printer is brand new, less than a year old or close to a year.

It's a Brother DCP 7030

I'm using Word 2003.

I'm going to try & do this now since I have to shut her down tomorrow anyway.

TTYS & I hope you had a good wknd. 


Michelle


----------



## ep2002 (Oct 31, 2006)

Found this, have NO idea what it is 


Michelle


----------



## ep2002 (Oct 31, 2006)

Then when closing Word just now, twice it said changes were made to the template global.dot (WTH?), do I want to save the changes & I said NO.

Not a clue


----------



## ep2002 (Oct 31, 2006)

OTL logfile created on: 1/30/2012 11:13:45 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 78.22% Memory free
6.34 Gb Paging File | 5.34 Gb Available in Paging File | 84.29% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 121.28 Gb Free Space | 82.10% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 130.52 Gb Free Space | 91.38% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 149.22 Gb Free Space | 85.16% Space Free | Partition Type: NTFS

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 23:01:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL(2).exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/06/29 03:21:40 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/03 09:45:08 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/15 15:23:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [1291058205] [Auto | Stopped] -- -- (bomgar-scc-1291058205)
SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [On_Demand | Stopped] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2009/03/04 01:49:58 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/11/30 20:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/09 15:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 01:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/16 23:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/23 15:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/17 10:25:22 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/01/14 02:14:13 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/01/12 22:30:07 | 000,000,000 | ---D | M] (Area deCoder) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/09/11 17:43:40 | 000,000,000 | ---D | M] (NewsBasis) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/11/17 22:45:06 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/11/25 20:38:03 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/01/09 15:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/01/09 15:57:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 10:01:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 14:28:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.75.9_0\nplastpass.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.5_0\
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/02 14:34:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [rmtemp] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKCU..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/20 00:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2012/01/20 00:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2012/01/20 00:04:37 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2012/01/20 00:04:37 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2012/01/20 00:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2012/01/20 00:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2012/01/15 19:54:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/15 04:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/01/08 02:04:51 | 000,000,000 | ---D | C] -- C:\rsit
[2012/01/08 01:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Desktop\RK_Quarantine
[2012/01/02 14:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Toolbar4
[2012/01/01 23:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Malwarebytes
[2012/01/01 23:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2012/01/30 23:27:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/01/30 23:22:14 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/01/30 22:51:14 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/30 18:51:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 05:25:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/30 01:22:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/01/28 02:33:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2012/01/26 23:42:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/26 23:38:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 07:52:19 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/22 01:06:02 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/21 13:49:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/20 00:04:55 | 000,429,716 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/20 00:04:55 | 000,066,474 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/14 15:58:13 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\requested-files[2012-01-14_15_58].cab
[2012/01/14 15:02:26 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/13 01:42:35 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/05 21:26:00 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012/01/05 21:24:55 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2012/01/02 14:34:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2012/01/20 00:04:37 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/14 15:58:13 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Michelle\Desktop\requested-files[2012-01-14_15_58].cab
[2012/01/13 01:42:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/13 01:42:35 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/05 21:24:55 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/09/25 19:43:50 | 000,364,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 10:12:21 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/06/15 15:00:33 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2009/12/25 09:24:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\AEBFONT.INI
[2009/12/11 21:55:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/30 01:11:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/11/24 23:23:36 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/11/20 01:07:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/20 01:07:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/20 01:07:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/20 01:07:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/20 01:07:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/20 22:00:02 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2009/10/20 22:00:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/10/20 21:59:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/05/17 16:27:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/03 22:58:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/03/03 22:58:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 12:55:36 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/22 23:23:45 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp1ml3.dll
[2008/08/03 22:38:23 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/24 14:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/07/24 01:43:18 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2008/07/24 01:16:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/07/24 01:06:45 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2008/07/24 01:05:15 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2008/07/24 01:04:55 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2008/07/24 01:04:46 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2008/07/24 01:04:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2008/07/24 00:53:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2008/07/24 00:53:47 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2008/07/24 00:53:47 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2008/07/24 00:45:02 | 000,001,191 | ---- | C] () -- C:\WINDOWS\WTAPI.INI
[2008/07/24 00:41:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\hpu.dll
[2008/07/23 22:52:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/23 21:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/23 21:16:45 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/07/23 20:40:47 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/07/23 20:33:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/23 20:29:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/23 16:03:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/23 16:02:01 | 000,741,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,429,716 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,066,474 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/11 09:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 13:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/08/31 08:40:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\vbcrc.dll

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/01/20 00:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/10/27 04:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2011/12/11 16:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2011/09/06 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2011/09/06 17:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2012/01/13 01:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Toolbar4
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/01/28 02:33:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2012/01/30 23:27:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

========== Purity Check ==========

< End of report >


----------



## ep2002 (Oct 31, 2006)

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
ASUS Enhanced Display Driver
ASUS GameFace Live
ASUS SmartDoctor
ASUS Utilities
ASUS Video Security
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Aurora Password Manager
Auslogics Disk Defrag
Avira Free Antivirus
Belarc Advisor 8.1
Bonjour
Brother MFL-Pro Suite
Brother MFL-Pro Suite MFC-J615W
Catalyst Control Center - Branding
CCleaner
CCScore
Choice Guard
Cisco Connect
Compatibility Pack for the 2007 Office system
Corel WordPerfect Suite 8
CrashPlan
Critical Update for Windows Media Player 11 (KB959772)
Defraggler
Domain Name Analyzer v4.1.022207
Download Updater (AOL LLC)
Driver Genius Professional Edition
ERUNT 1.1j
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
EULAlyzer v1.2
Evernote
FileChecker v1.7
FlashFXP v3
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToAssist Corporate
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 5.3
HP Image Zone Express
ICQ6
ID-Blaster Plus v2.0
iLinc 11 Client
ImgBurn
IrfanView (remove only)
Java(TM) 6 Update 30
Kodak EasyShare software
KODAK Share Button App
Link Partner Analyzer
LogMeIn
Maestro Connector
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monitor Calibration Wizard 1.0
MozBackup 1.5.1
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Thunderbird 9.0.1 (x86 en-US)
MS Extra links
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Nitro PDF Professional
NVIDIA Drivers
OfotoXMI
Online Armor 5.1
OverDrive Media Console
pdfFactory
Personal Assistant
QuickBooks Pro Edition 2007
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.4.3
RingCentral Call Controller
Rootkit Unhooker LE 3.8 SR 2
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Skype&#8482; 5.5
SmartDraw PDF Export (novaPDF 6.4 printer)
Speccy
SpywareBlaster 4.3
staticcr
StudioTax 2010
swMSM
TeamViewer 6
TweetDeck
TweetDeck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VPRINTOL
WebEx
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.2
WIRELESS
Yahoo! Messenger


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like some has gone, but still some remains, so can you run this:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
SRV - File not found [1291058205] [Auto | Stopped] -- -- (bomgar-scc-1291058205)
SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
[2012/01/02 14:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Toolbar4
[2012/01/28 02:33:00 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
:Files
C:\Program Files\ChitChat Toolbar
c:\dostools\rmtemp.bat
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

After that, can you run this tool:

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

-----------

I can help on the other issues, but I think we need to do one at a time for those, so that once one part is done, we can move onto the next. Malware removal is looking good so far 

The Word problem looks like a common issue. Take a look at this, and see if any helps solve the issue:

http://support.microsoft.com/kb/291352


----------



## ep2002 (Oct 31, 2006)

Oh gawd, ok, first, sorry for the delay. I moved on Tues. expected my ISP to hook me up on Tues. or Wedn., but they were saying the 13th. I was furious. I just got service yesterday.

Second, you know I have no malware protection now right?

MBAM is uninstalled & Armor isn't running b/c I was still waiting on you to tell me what to do with those questionable items it found that I have no clue about. Just saying 

Anyway, I just ran the OTL & here's what happened...

1. It ran longer than before.
2. I got this error... Cannot create file C:/Windows/system32/drivers/etc/Hosts

Avira popped up a window with an error, but by the time I was finished copying the other error above it disappeared.

It continued trying to do something with the Hosts & that's when it hung. I Xed out, tried to restart & I got the triple beep meaning that I now had no access to the computer. I had to shut her down & wait about 30 minutes & now she rebooted thank gawd.

Then before even the desktop was visible, I got this...

Open File Security Warning OTL.exe - Publisher could not be verified. Are you sure you want to run this software. 

I canceled. It was the run dialog box.

So am I to assume that the issues with the video card have to do with maleware & so every time we run OTL it's stopping the maleware from being deleted & that's why it's affecting the machine so it can't reboot?

I'm going to try the OTS now. Wish me luck.


Michelle


----------



## ep2002 (Oct 31, 2006)

Ok, good, that went off without a hitch. I'm going to reboot now since I closed too many programs. I hope it works.

Here's the attached.


----------



## ep2002 (Oct 31, 2006)

Ok, so I wasn't able to reboot. I just got the computer up & running now. Same issue with the 3 beeps.

I'm all done with your instructions I guess.

Thanks


----------



## eddie5659 (Mar 19, 2001)

> Second, you know I have no malware protection now right?


Don't you still have Avira Free Antivirus installed? If so, then you're still protected 

For the Hosts error, this is okay, as the fix will still run. Its just a glitch with some version of Windows.



> Open File Security Warning OTL.exe - Publisher could not be verified. Are you sure you want to run this software.


This was okay to run. It was removing any entries that are in use at the time, as a reboot may have been needed.

I'll look at the OTS in a min, just checking on the beeps. Is it 3 short or long beeps?


----------



## Triple6 (Dec 26, 2002)

What do you see on the screen when these 3 beeps occur?


----------



## ep2002 (Oct 31, 2006)

Ok, I think (don't quote me as I'm going by memory), it's doot, doot doot doot, so it's 1 long, 3 short. I've heard it enough times, but can it be 4 not 3?

Nothing. It never even gets to the Windows part, it's usually just black & when it used to crash before in the middle of the computer being on or me working, it would just freeze or go to an all BLUE screen, but not the dark Window's color, the more light blue color.

HELP - Remember I lost my speakers?

Well I figured out this time it's Windows Media player which I REALLY don't like as I think it causes problems.

I jacked up the volume as I was upset & when I went to rewind the song, it sopped playing the music even though I can see it's playing, no sound comes out.

I'm getting sound from other devices so can you recommend what to do, this is nuts. I want to listen to my music 

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

Triple6 said:


> What do you see on the screen when these 3 beeps occur?


Thanks for helping in this issue :up:


----------



## ep2002 (Oct 31, 2006)

Hi there,

Just wondering if you are ok, haven't heard from you since the 7th & with the WMP not working now & the other things, I'm getting concerned again. Had TB issue over the last few days & Fx crashing more often.

Thanks


Michelle


----------



## Triple6 (Dec 26, 2002)

You may want to check/test the RAM using a bootable CD or USB stick as described here: http://www.memtest.org/

Does it always show the approximate 3.8GB of RAM or does it sometimes show less?


----------



## ep2002 (Oct 31, 2006)

Hi Triple,

Is Eddie not helping me fix my computer anymore 

I know you are helping, but just with the beeps.

I just did another scan with Speecy yesterday & it showed up as 4, did one just now, same thing.

When I got to my computer today, again with the light blue screen. When I tried to reboot, I got the 3 beeps again, had to power her off, wait 20 minutes, then she worked again & Windows had to do a complete scam b/c of how she shut down.

Someone had told me it was the video card, so when someone here tried to put it in, it wouldn't work  I spent all that money on the card & it won't work.

I haven't had time to take it into a computer store here (there's hardly anyone in this country who knows what they are doing either hardware or software wise, so I'm very careful about who I take it into.) to see if they can get the new video card to work.

My memory is not even a year old (may be a year now.)

I went to that page you gave me & I'm not understanding what I need to do. I take it I need to buy a USP & then DL that software & that checks the memory?

There's tons of URLs there for DLing. Which one do I pick?

I have to see if the CDs I had made it with me as USP lost 2 of my boxes.

Thanks & Eddie if you are still around, can we pls. move forward with fixing my computer? After having more beeping problems right after that last fix & now losing Windows Media Player plus when I rebooted yesterday, Chrome crashed big time as all my history was gone as well as Last Pass that I had attached to it <sigh>

Happy Valentines Day! 

Michelle


----------



## eddie5659 (Mar 19, 2001)

Hi

Sorry, I was waiting to see the outcome of the beeps, as it could point to a hardware fault, which could be a reason for the computer dying.

For the memory test, you just need to burn it onto a disk, and run it. I'll post a speech in a sec.

Also, I was at work real late on Monday, and yesterday was Valentine's day, so I couldn't be here, but am tonight 

---


First *Download Memtest* from This Link

There are several downloads to choose from. For this *CD Version* you require the link that says: 
*Download - Pre-Compiled Bootable ISO (.zip)*

*Download the file* to your desktop.
If you are using *Windows XP or Vista* then you can *right click* the file and choose *Extract All*.










You will now have a .iso file on your desktop called memtest86+-2.11 RED

*Unless you don't have a burning program, do this:*

Now download ImgBurn

http://www.imgburn.com/index.php?act=download

Download that to your desktop and launch the installer by double clicking the ImgBurn installer icon. Follow the instructions, keeping the settings as the defaults. 
Now when that is installed double click the program icon to launch








Then click *Write image file to disk*
Then insert your *Blank CD*
Next click the *Browse for File* button and load the *memtest.iso* from your desktop.
Then click the large Write file to disk button








The program will then create your boot disk

First and foremost verify that your disk has burned correctly. 

Go to *My Computer* and go to your CD/DVD drive. Make sure the Disk is called *Boot*. If not then the burn has been unsuccessful. However if it is called Boot your CD is ready to go


Now leave the disk in the drive and shutdown your PC. 
Open the side of your Case and remove *all but 1 sticks* of RAM. You should only have one stick of RAM installed when running Memtest.
Pull the white clips to the side and the stick of RAM should pop out. RED
*DO NOT* put your RAM sticks on the carpet or on anything that can create static. This is a sure fire way to kill the components. Place them on some cardboard or in an antistatic bag to reduce the risk.
Turn your PC back on.
Memtest should now boot.
No more user involvement is required at this stage. Memtest will automatically start the tests. 
Once Memtest has completed its scan note down any errors that occurred. However usually you will be the one to stop the scan. You can stop the scan at any time but I would *advise you run it for at least test number 8* as shown in the image below near the top right hand corner of the screen. 
Then repeat the steps above for the remaining sticks of RAM by opening the case and swapping the existing stick with the one that has not been tested and then re run Memtest.










*Failures*

The image below shows a system with failures within Memtest. As you can see in the left hand Column it shows the failures were all made within test 3. Any failures would normally lead you to have to replace the RAM module as its usually something that isn't repairable.










If it comes up all clear, as in no red failures, try the other stick of RAM in its place, and let me know what happens.

Also, if you have any questions/problems with this program, just ask


----------



## eddie5659 (Mar 19, 2001)

Whilst we wait for the results of the memory test, can you delete the copy of ComboFix you have, and download a fresh one from here and run a scan. I just want to see what is there, and then if its okay, I'll start with all of the problems, one at a time. Once one is solved, we'll go onto the next 

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## ep2002 (Oct 31, 2006)

Ok, finally found some time to do this.

A few things:

1. I'm really nervous about dealing with the memory. I don't ever touch the inside of my CPU. I can do it if you think you can trust me LOL, I'm just saying I don't even know where anything is, I'll have to memorize where to even put the memory back once I've taken it out & try to find a video about it. I mean I know what memory looks like after all these years, but I've never touched it other than buying it.

I bought the CDRWs though since as I guessed, mine were missing.

2. I ran CF & as I suspected, when I went to reboot, she started up again. Why does it do that every time we are cleaning something out?

This time I counted the beeps.

It's one long, 4 short.

3. I got her back up & running (obviously), so I'm ready for you now 

4. I forgot to mention that when I asked you how my computer is protected from maleware when you had me uninstall MBAM, does Avira take care of maleware? I don't think it does.

I still haven't completed the Armor stuff b/c you hadn't gotten back to me about the stuff that I haven't "trusted" & I don't know what it is, so can you pls. just tell me if I should delete that stuff or trust it. Attached are the SSs of the few items left. I trusted or uninstalled the rest. I'd like to finally get that operational.

Even after the clean & reboot, Windows Media Player still isn't working.

Thanks & TTYS


Michelle


----------



## ep2002 (Oct 31, 2006)

Dahh, almost forgot this. Brain not working...

ComboFix 12-02-19.02 - Michelle 02/19/2012 23:50:24.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2800 [GMT -6:00]
Running from: d:\downloads\Username123.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET65.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-14 20:33 . 2012-02-14 20:33	--------	dc----w-	c:\windows\LastGood
2012-02-14 20:32 . 2012-01-11 19:06	3072	-c----w-	c:\windows\system32\iacenc.dll
2012-02-14 20:32 . 2012-01-11 19:06	3072	-c----w-	c:\windows\system32\dllcache\iacenc.dll
2012-02-14 20:27 . 2012-02-14 20:27	--------	d-----w-	C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 21:02 . 2012-01-08 07:59	111872	-c--a-w-	c:\windows\system32\drivers\TrueSight.sys
2012-01-12 16:53 . 2006-02-28 12:00	1859968	-c--a-w-	c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00	43520	-c--a-w-	c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00	1469440	-c----w-	c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00	385024	-c--a-w-	c:\windows\system32\html.iec
2011-12-15 19:24 . 2010-09-24 07:11	83360	-c--a-w-	c:\windows\system32\LMIRfsClientNP.dll
2011-12-15 19:24 . 2010-09-24 07:11	52096	-c--a-w-	c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-15 19:24 . 2010-09-24 07:11	30592	-c--a-w-	c:\windows\system32\LMIport.dll
2011-12-15 19:24 . 2010-09-24 07:11	87424	-c--a-w-	c:\windows\system32\LMIinit.dll
2011-12-09 10:58 . 2011-10-29 15:05	134856	-c--a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-25 21:57 . 2006-02-28 12:00	293376	-c--a-w-	c:\windows\system32\winsrv.dll
2012-02-18 02:24 . 2011-06-25 00:57	134104	-c--a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-02_20.34.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-14 20:30 . 2012-02-14 20:30	16384 c:\windows\TEMP\Perflib_Perfdata_bc4.dat
+ 2012-02-14 20:29 . 2012-02-14 20:29	16384 c:\windows\TEMP\Perflib_Perfdata_7d4.dat
+ 2006-02-28 12:00 . 2012-02-14 20:45	66474 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2011-11-18 12:35	60416 c:\windows\system32\packager.exe
+ 2006-02-28 12:00 . 2011-12-17 19:46	66560 c:\windows\system32\mshtmled.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	66560 c:\windows\system32\mshtmled.dll
- 2006-02-28 12:00 . 2008-04-14 00:11	23040 c:\windows\system32\mciseq.dll
+ 2006-02-28 12:00 . 2011-10-14 14:47	23040 c:\windows\system32\mciseq.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	25600 c:\windows\system32\jsproxy.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	25600 c:\windows\system32\jsproxy.dll
+ 2012-01-20 06:04 . 2011-11-01 17:34	29464 c:\windows\system32\drivers\OAnet.sys
+ 2012-01-20 06:04 . 2011-11-01 17:34	25192 c:\windows\system32\drivers\OAmon.sys
+ 2012-01-20 06:04 . 2011-11-01 17:34	40296 c:\windows\system32\drivers\oahlp32.sys
+ 2009-06-12 18:56 . 2011-12-17 19:46	12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-12 18:56 . 2011-11-04 19:20	12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-02-28 12:00 . 2011-11-18 12:35	60416 c:\windows\system32\dllcache\packager.exe
+ 2006-02-28 12:00 . 2011-12-17 19:46	66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-07-24 04:59 . 2011-11-04 19:20	55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-07-24 04:59 . 2011-12-17 19:46	55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-02-28 12:00 . 2011-10-14 14:47	23040 c:\windows\system32\dllcache\mciseq.dll
- 2006-02-28 12:00 . 2008-04-14 00:11	23040 c:\windows\system32\dllcache\mciseq.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	25600 c:\windows\system32\dllcache\jsproxy.dll
- 2008-07-24 02:35 . 2011-11-30 17:34	32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-24 02:35 . 2012-01-06 03:24	32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-06 03:24 . 2012-01-06 03:24	26505 c:\windows\system32\config\systemprofile\Local Settings\Application Data\ATI\ACE\Manifest.Bin
- 2011-11-19 04:10 . 2011-11-19 04:10	16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-11-19 04:10 . 2012-01-06 03:24	16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2011-11-19 04:10 . 2011-11-30 17:34	16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-06 03:24 . 2012-01-06 03:24	16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-15 10:27 . 2012-01-15 10:27	87901 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2011-11-22 13:34 . 2011-11-22 13:34	86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2011-11-22 13:19 . 2011-11-22 13:19	73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2011-11-22 13:19 . 2011-11-22 13:19	64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2011-11-22 13:36 . 2011-11-22 13:36	12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49	31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-08 10:12 . 2012-01-08 10:12	28160 c:\windows\Installer\bb8e63.msi
+ 2012-02-04 16:51 . 2012-02-04 16:51	22016 c:\windows\Installer\1397b4d6.msi
+ 2008-07-24 04:52 . 2012-02-14 20:37	23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-01-15 10:27 . 2012-01-15 10:27	10134 c:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
+ 2012-02-14 20:37 . 2011-11-04 19:20	12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-21 19:50 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
+ 2012-01-21 19:50 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2646524\spmsg.dll
+ 2012-01-21 19:49 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2631813\update\spcustom.dll
+ 2012-01-21 19:49 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2631813\spmsg.dll
+ 2012-01-21 19:43 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2598479\update\spcustom.dll
+ 2012-01-21 19:43 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2598479\spmsg.dll
+ 2011-10-14 14:45 . 2011-10-14 14:45	23040 c:\windows\$hf_mig$\KB2598479\SP3QFE\mciseq.dll
+ 2012-01-21 19:42 . 2010-07-05 13:15	26488 c:\windows\$hf_mig$\KB2584146\update\spcustom.dll
+ 2012-01-21 19:42 . 2010-07-05 13:15	17272 c:\windows\$hf_mig$\KB2584146\spmsg.dll
+ 2011-11-18 12:41 . 2011-11-18 12:41	60416 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
- 2011-10-15 21:22 . 2011-10-15 21:22	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-07-24 04:52 . 2011-12-21 04:05	4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-10-15 21:22 . 2011-10-15 21:22	7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-15 21:22 . 2011-10-15 21:22	5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-15 21:22 . 2011-10-15 21:22	6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-02-28 12:00 . 2011-10-14 14:47	176128 c:\windows\system32\winmm.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	176128 c:\windows\system32\winmm.dll
+ 2006-02-28 12:00 . 2011-11-16 14:21	354816 c:\windows\system32\winhttp.dll
- 2006-02-28 12:00 . 2009-08-25 09:17	354816 c:\windows\system32\winhttp.dll
+ 2006-02-28 12:00 . 2011-11-16 14:21	152064 c:\windows\system32\schannel.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	386048 c:\windows\system32\qdvd.dll
+ 2006-02-28 12:00 . 2011-11-03 15:28	386048 c:\windows\system32\qdvd.dll
+ 2006-02-28 12:00 . 2012-02-14 20:45	429716 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2011-12-17 19:46	206848 c:\windows\system32\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	206848 c:\windows\system32\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	611840 c:\windows\system32\mstime.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	611840 c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	184320 c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	387584 c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	387584 c:\windows\system32\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-12-16 12:23	174080 c:\windows\system32\ie4uinit.exe
- 2006-02-28 12:00 . 2011-11-04 11:24	174080 c:\windows\system32\ie4uinit.exe
+ 2012-01-20 06:04 . 2011-11-01 17:34	205864 c:\windows\system32\drivers\OADriver.sys
- 2010-06-18 17:45 . 2011-06-20 17:44	293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57	293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47	176128 c:\windows\system32\dllcache\winmm.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	916992 c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	916992 c:\windows\system32\dllcache\wininet.dll
- 2008-12-16 12:30 . 2009-08-25 09:17	354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-16 12:30 . 2011-11-16 14:21	354816 c:\windows\system32\dllcache\winhttp.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	105984 c:\windows\system32\dllcache\url.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	105984 c:\windows\system32\dllcache\url.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21	152064 c:\windows\system32\dllcache\schannel.dll
+ 2006-02-28 12:00 . 2011-11-03 15:28	386048 c:\windows\system32\dllcache\qdvd.dll
- 2006-02-28 12:00 . 2008-04-14 00:12	386048 c:\windows\system32\dllcache\qdvd.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	206848 c:\windows\system32\dllcache\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	206848 c:\windows\system32\dllcache\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-07-24 04:59 . 2011-12-17 19:46	602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-07-24 04:59 . 2011-11-04 19:20	602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-12 18:56 . 2011-11-04 19:20	247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-12 18:56 . 2011-12-17 19:46	247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-14 03:30 . 2011-12-17 19:46	743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-14 03:30 . 2011-11-04 19:20	743424 c:\windows\system32\dllcache\iedvtool.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-12-16 12:23	174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-02-28 12:00 . 2011-11-04 11:24	174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-11-22 13:19 . 2011-11-22 13:19	279992 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2011-11-22 13:34 . 2011-11-22 13:34	114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2011-11-22 13:36 . 2011-11-22 13:36	434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2011-11-22 13:35 . 2011-11-22 13:35	365056 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2011-11-22 13:23 . 2011-11-22 13:23	990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2011-11-22 13:19 . 2011-11-22 13:19	929792 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2011-11-22 13:34 . 2011-11-22 13:34	542720 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2011-11-22 13:42 . 2011-11-22 13:42	113080 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2011-11-22 13:42 . 2011-11-22 13:42	279480 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2011-11-22 13:36 . 2011-11-22 13:36	145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2011-12-25 09:49 . 2011-12-25 09:49	436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-11 05:24 . 2012-01-11 05:24	333824 c:\windows\Installer\f26a9a7.msi
+ 2012-01-15 10:27 . 2012-01-15 10:27	430592 c:\windows\Installer\2cc9d85.msi
+ 2011-12-25 11:40 . 2011-12-25 11:40	819200 c:\windows\Installer\14e9f81a.msp
- 2008-07-24 04:52 . 2011-12-21 04:05	409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-24 04:52 . 2011-12-21 04:05	593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-24 04:52 . 2012-02-14 20:37	593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-02-14 20:37 . 2011-11-04 19:20	916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-14 20:37 . 2010-07-05 13:16	382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-14 20:37 . 2010-07-05 13:15	231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-14 20:37 . 2011-11-04 19:20	206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-14 20:37 . 2011-11-04 11:24	174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-02-05 19:42 . 2012-02-05 19:42	282624 c:\windows\ERDNT\AutoBackup\2-5-2012\Users\00000002\UsrClass.dat
+ 2012-02-05 19:42 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\2-5-2012\ERDNT.EXE
+ 2012-02-14 20:30 . 2012-02-14 20:30	282624 c:\windows\ERDNT\AutoBackup\2-14-2012\Users\00000002\UsrClass.dat
+ 2012-02-14 20:30 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\2-14-2012\ERDNT.EXE
+ 2012-02-13 16:59 . 2012-02-13 16:59	282624 c:\windows\ERDNT\AutoBackup\2-13-2012\Users\00000002\UsrClass.dat
+ 2012-02-13 16:59 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\2-13-2012\ERDNT.EXE
+ 2012-01-08 06:49 . 2012-01-08 06:49	282624 c:\windows\ERDNT\AutoBackup\1-8-2012\Users\00000002\UsrClass.dat
+ 2012-01-08 06:49 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-8-2012\ERDNT.EXE
+ 2012-01-07 08:38 . 2012-01-07 08:38	282624 c:\windows\ERDNT\AutoBackup\1-7-2012\Users\00000002\UsrClass.dat
+ 2012-01-07 08:38 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-7-2012\ERDNT.EXE
+ 2012-01-06 09:09 . 2012-01-06 09:09	282624 c:\windows\ERDNT\AutoBackup\1-6-2012\Users\00000002\UsrClass.dat
+ 2012-01-06 09:09 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-6-2012\ERDNT.EXE
+ 2012-01-05 18:17 . 2012-01-05 18:17	282624 c:\windows\ERDNT\AutoBackup\1-5-2012\Users\00000002\UsrClass.dat
+ 2012-01-05 18:17 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-5-2012\ERDNT.EXE
+ 2012-01-31 21:38 . 2012-01-31 21:38	282624 c:\windows\ERDNT\AutoBackup\1-31-2012\Users\00000002\UsrClass.dat
+ 2012-01-31 21:38 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-31-2012\ERDNT.EXE
+ 2012-01-03 08:55 . 2012-01-03 08:55	282624 c:\windows\ERDNT\AutoBackup\1-3-2012\Users\00000002\UsrClass.dat
+ 2012-01-03 08:55 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-3-2012\ERDNT.EXE
+ 2012-01-27 05:42 . 2012-01-27 05:42	282624 c:\windows\ERDNT\AutoBackup\1-26-2012\Users\00000002\UsrClass.dat
+ 2012-01-27 05:42 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-26-2012\ERDNT.EXE
+ 2012-01-24 13:44 . 2012-01-24 13:44	282624 c:\windows\ERDNT\AutoBackup\1-24-2012\Users\00000002\UsrClass.dat
+ 2012-01-24 13:44 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-24-2012\ERDNT.EXE
+ 2012-01-22 07:12 . 2012-01-22 07:12	282624 c:\windows\ERDNT\AutoBackup\1-22-2012\Users\00000002\UsrClass.dat
+ 2012-01-22 07:12 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-22-2012\ERDNT.EXE
+ 2012-01-22 02:36 . 2012-01-22 02:36	282624 c:\windows\ERDNT\AutoBackup\1-21-2012\Users\00000002\UsrClass.dat
+ 2012-01-22 02:36 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-21-2012\ERDNT.EXE
+ 2012-01-20 04:57 . 2012-01-20 04:57	282624 c:\windows\ERDNT\AutoBackup\1-19-2012\Users\00000002\UsrClass.dat
+ 2012-01-20 04:57 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-19-2012\ERDNT.EXE
+ 2012-01-18 08:06 . 2012-01-18 08:06	282624 c:\windows\ERDNT\AutoBackup\1-18-2012\Users\00000002\UsrClass.dat
+ 2012-01-18 08:06 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-18-2012\ERDNT.EXE
+ 2012-01-15 16:55 . 2012-01-15 16:55	282624 c:\windows\ERDNT\AutoBackup\1-15-2012\Users\00000002\UsrClass.dat
+ 2012-01-15 16:55 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-15-2012\ERDNT.EXE
+ 2012-01-14 21:26 . 2012-01-14 21:26	282624 c:\windows\ERDNT\AutoBackup\1-14-2012\Users\00000002\UsrClass.dat
+ 2012-01-14 21:26 . 2005-10-20 16:02	163328 c:\windows\ERDNT\AutoBackup\1-14-2012\ERDNT.EXE
+ 2012-02-14 23:59 . 2012-02-14 23:59	321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-14 23:59 . 2012-02-14 23:59	202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-01-12 09:12 . 2012-01-12 09:12	141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-14 23:58 . 2012-02-14 23:58	381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-14 23:57 . 2012-02-14 23:57	212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-14 20:47 . 2012-02-14 20:47	208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-14 23:58 . 2012-02-14 23:58	256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-14 23:58 . 2012-02-14 23:58	320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-01-12 09:12 . 2012-01-12 09:12	320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-02-14 23:59 . 2012-02-14 23:59	133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-14 23:58 . 2012-02-14 23:58	386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 23:58 . 2012-02-14 23:58	410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-01-12 09:11 . 2012-01-12 09:11	842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
+ 2012-02-14 23:57 . 2012-02-14 23:57	842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-21 19:50 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2646524\update\updspapi.dll
+ 2012-01-21 19:50 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2646524\update\update.exe
+ 2012-01-21 19:50 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2646524\spuninst.exe
+ 2011-11-25 21:56 . 2011-11-25 21:56	293376 c:\windows\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
+ 2012-01-21 19:49 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2631813\update\updspapi.dll
+ 2012-01-21 19:49 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2631813\update\update.exe
+ 2012-01-21 19:49 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2631813\spuninst.exe
+ 2011-11-03 15:27 . 2011-11-03 15:27	386048 c:\windows\$hf_mig$\KB2631813\SP3QFE\qdvd.dll
+ 2012-01-21 19:43 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2598479\update\updspapi.dll
+ 2012-01-21 19:43 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2598479\update\update.exe
+ 2012-01-21 19:43 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2598479\spuninst.exe
+ 2011-10-14 14:45 . 2011-10-14 14:45	176128 c:\windows\$hf_mig$\KB2598479\SP3QFE\winmm.dll
+ 2012-01-21 19:42 . 2010-07-05 13:16	382840 c:\windows\$hf_mig$\KB2584146\update\updspapi.dll
+ 2012-01-21 19:42 . 2010-07-05 13:15	755576 c:\windows\$hf_mig$\KB2584146\update\update.exe
+ 2012-01-21 19:42 . 2010-07-05 13:15	231288 c:\windows\$hf_mig$\KB2584146\spuninst.exe
+ 2006-02-28 12:00 . 2011-11-03 15:28	1292288 c:\windows\system32\quartz.dll
+ 2008-11-08 15:36 . 2012-01-12 16:53	1859968 c:\windows\system32\dllcache\win32k.sys
+ 2006-02-28 12:00 . 2011-12-17 19:46	1212416 c:\windows\system32\dllcache\urlmon.dll
- 2006-02-28 12:00 . 2011-11-04 19:20	1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2011-11-03 15:28	1292288 c:\windows\system32\dllcache\quartz.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46	5979136 c:\windows\system32\dllcache\mshtml.dll
+ 2008-07-24 04:59 . 2011-12-17 19:46	2000384 c:\windows\system32\dllcache\iertutil.dll
- 2008-07-24 04:59 . 2011-11-04 19:20	2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-11-22 13:42 . 2011-11-22 13:42	1040824 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1163633.exe
+ 2011-11-22 13:19 . 2011-11-22 13:19	2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2011-11-22 13:24 . 2011-11-22 13:24	1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2011-12-25 09:50 . 2011-12-25 09:50	5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-10-26 09:39 . 2011-10-26 09:39	3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-06 21:22 . 2011-12-06 21:22	5519360 c:\windows\Installer\858ed0f.msp
+ 2011-10-31 04:54 . 2011-10-31 04:54	2748416 c:\windows\Installer\79d75.msp
+ 2012-01-25 20:55 . 2012-01-25 20:55	5520384 c:\windows\Installer\79d6c.msp
+ 2012-01-13 07:42 . 2012-01-13 07:42	3947520 c:\windows\Installer\19ef7e82.msi
+ 2011-12-26 15:59 . 2011-12-26 15:59	4368896 c:\windows\Installer\14e9f811.msp
+ 2012-02-14 20:37 . 2011-11-04 19:20	1212416 c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	5978112 c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	2000384 c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-14 20:45 . 2012-02-14 20:45	3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-14 20:45 . 2012-02-14 20:45	7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-14 20:47 . 2012-02-14 20:47	5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-01-12 09:13 . 2012-01-12 09:13	1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-01-12 09:12 . 2012-01-12 09:12	2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-01-12 09:12 . 2012-01-12 09:12	2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-14 23:58 . 2012-02-14 23:58	2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-14 23:57 . 2012-02-14 23:57	1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-01-12 09:11 . 2012-01-12 09:11	1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-02-14 20:47 . 2012-02-14 20:47	1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-14 20:46 . 2012-02-14 20:46	6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-01-12 09:12 . 2012-01-12 09:12	1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-14 23:58 . 2012-02-14 23:58	1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-10-04 16:42 . 2010-10-04 16:42	1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-12 08:19 . 2012-01-12 08:19	1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-15 21:22 . 2011-10-15 21:22	4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-14 20:44 . 2012-02-14 20:44	4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-11-03 15:27 . 2011-11-03 15:27	1292288 c:\windows\$hf_mig$\KB2631813\SP3QFE\quartz.dll
+ 2008-07-24 05:00 . 2012-02-14 20:38	52550552 c:\windows\system32\MRT.exe
+ 2008-07-24 04:59 . 2011-12-18 20:46	11082240 c:\windows\system32\dllcache\ieframe.dll
+ 2012-02-14 20:37 . 2011-11-04 19:20	11081728 c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-05 19:42 . 2012-02-05 19:42	11825152 c:\windows\ERDNT\AutoBackup\2-5-2012\Users\00000001\ntuser.dat
+ 2012-02-14 20:30 . 2012-02-14 20:30	11825152 c:\windows\ERDNT\AutoBackup\2-14-2012\Users\00000001\ntuser.dat
+ 2012-02-13 16:59 . 2012-02-13 16:59	11825152 c:\windows\ERDNT\AutoBackup\2-13-2012\Users\00000001\ntuser.dat
+ 2012-01-08 06:49 . 2012-01-08 06:49	11800576 c:\windows\ERDNT\AutoBackup\1-8-2012\Users\00000001\ntuser.dat
+ 2012-01-07 08:38 . 2012-01-07 08:38	11800576 c:\windows\ERDNT\AutoBackup\1-7-2012\Users\00000001\ntuser.dat
+ 2012-01-06 09:09 . 2012-01-06 09:09	11800576 c:\windows\ERDNT\AutoBackup\1-6-2012\Users\00000001\ntuser.dat
+ 2012-01-05 18:17 . 2012-01-05 18:17	11800576 c:\windows\ERDNT\AutoBackup\1-5-2012\Users\00000001\ntuser.dat
+ 2012-01-31 21:38 . 2012-01-31 21:38	11825152 c:\windows\ERDNT\AutoBackup\1-31-2012\Users\00000001\ntuser.dat
+ 2012-01-03 08:55 . 2012-01-03 08:55	11796480 c:\windows\ERDNT\AutoBackup\1-3-2012\Users\00000001\ntuser.dat
+ 2012-01-27 05:42 . 2012-01-27 05:42	11825152 c:\windows\ERDNT\AutoBackup\1-26-2012\Users\00000001\ntuser.dat
+ 2012-01-24 13:44 . 2012-01-24 13:44	11825152 c:\windows\ERDNT\AutoBackup\1-24-2012\Users\00000001\ntuser.dat
+ 2012-01-22 07:12 . 2012-01-22 07:12	11825152 c:\windows\ERDNT\AutoBackup\1-22-2012\Users\00000001\ntuser.dat
+ 2012-01-22 02:36 . 2012-01-22 02:36	11808768 c:\windows\ERDNT\AutoBackup\1-21-2012\Users\00000001\ntuser.dat
+ 2012-01-20 04:57 . 2012-01-20 04:57	11808768 c:\windows\ERDNT\AutoBackup\1-19-2012\Users\00000001\ntuser.dat
+ 2012-01-18 08:06 . 2012-01-18 08:06	11808768 c:\windows\ERDNT\AutoBackup\1-18-2012\Users\00000001\ntuser.dat
+ 2012-01-15 16:55 . 2012-01-15 16:55	11808768 c:\windows\ERDNT\AutoBackup\1-15-2012\Users\00000001\ntuser.dat
+ 2012-01-14 21:26 . 2012-01-14 21:26	11808768 c:\windows\ERDNT\AutoBackup\1-14-2012\Users\00000001\ntuser.dat
+ 2012-02-14 20:47 . 2012-02-14 20:47	12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-01-12 09:12 . 2012-01-12 09:12	11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-02-14 23:59 . 2012-02-14 23:59	11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-01-12 09:11 . 2012-01-12 09:11	17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-02-14 23:58 . 2012-02-14 23:58	17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-01-12 08:18 . 2012-01-12 08:18	10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
+ 2012-02-14 20:47 . 2012-02-14 20:47	10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-14 20:46 . 2012-02-14 20:46	14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-14 20:46 . 2012-02-14 20:46	12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-08-18 5137648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Personal Assistant"="c:\program files\Shelltoys\Personal Assistant\assistant.exe" [2003-03-05 456704]
"RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2011-02-02 500992]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2011-02-02 38144]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"LogMeIn GUI"="d:\notes\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2011-03-07 107008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-11-01 2531104]
.
c:\documents and settings\Michelle\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-6-29 217088]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-11-01 358840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-26 18:40	16680	------w-	c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-15 19:24	87424	-c--a-w-	c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07	843712	-c--a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 04:51	37296	-c--a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-11-02 23:09	1862456	-c--a-w-	c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12	15360	------w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-30 08:07	133104	-c--atw-	c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	-c--a-w-	c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:39	1289000	----a-w-	c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2008-09-01 15:08	173304	-c--a-w-	c:\program files\ICQ6\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
2008-04-18 16:24	520192	-c--a-w-	c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Personal Assistant]
2003-03-05 18:02	456704	----a-w-	c:\program files\Shelltoys\Personal Assistant\assistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-11-15 07:21	16270848	-c--a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-04 04:18	61440	-c--a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Michelle\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\CrashPlan\\CrashPlanService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/29/2011 9:05 AM 36000]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [1/20/2012 12:04 AM 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [1/20/2012 12:04 AM 40296]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [1/20/2012 12:04 AM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [1/20/2012 12:04 AM 29464]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/29/2011 9:05 AM 86224]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [6/29/2011 3:22 AM 152576]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\notes\LogMeIn\x86\LMIGuardianSvc.exe [9/16/2010 4:49 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\notes\LogMeIn\x86\rainfo.sys [5/31/2010 9:31 AM 12856]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [3/21/2011 10:17 AM 68928]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [1/20/2012 12:04 AM 207936]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2/22/2011 6:17 PM 245760]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/15/2011 5:46 PM 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [1/20/2012 12:04 AM 4363040]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2/22/2011 6:17 PM 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2/22/2011 6:17 PM 11520]
S3 cpuz129;cpuz129;\??\c:\docume~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/15/2011 5:46 PM 136176]
S3 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [3/21/2011 10:17 AM 196928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/10/2010 5:17 PM 27064]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys --> c:\windows\system32\DRIVERS\RT2860.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - cpuz135
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-15 23:45]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-15 23:45]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
- c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 08:07]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
- c:\documents and settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-30 08:07]
.
2012-02-20 c:\windows\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
Trusted Zone: exoticpublishing.com
TCP: DhcpNameServer = 200.75.200.2 200.75.200.3
FF - ProfilePath - c:\documents and settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice...p://www.odesk.com|http://66.7.214.224/cpanel/
FF - prefs.js: network.proxy.http - http://proxy.uconn.edu:3000/proxy.pac
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-rmtemp - c:\dostools\rmtemp.bat
MSConfigStartUp-eFax 4 - c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 23:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2012-02-19 23:56:18
ComboFix-quarantined-files.txt 2012-02-20 05:56
ComboFix2.txt 2012-01-02 20:37
ComboFix3.txt 2010-11-19 06:51
ComboFix4.txt 2009-11-20 07:20
.
Pre-Run: 126,814,638,080 bytes free
Post-Run: 126,862,442,496 bytes free
.
- - End Of File - - E2E1F72FE84400A37BF9D1B5C8B7377E


----------



## Triple6 (Dec 26, 2002)

Sorry, did you say you have a new video card that doesn't work? Your initial specs show you as having a Radeon X300 graphics card. It is possible the video card is the source of the beeping, maybe it has just wiggle slightly loose and isn't making perfect contact all the time, you can try removing and reinstalling the graphics card in its slot.


----------



## ep2002 (Oct 31, 2006)

Hi,

No, the new video card wouldn't allow the PC to boot up, we got those beeps, so the old video card is still in play & I already paid someone prior to that who took out the old video card & put it back in & he said the same thing you said, but clearly that isn't the problem since it's still happening.

One thing, when he tried to hook up his own video card, the computer wouldn't work then either. It seems it will only work with this old video card.

Hope that explains things.


Michelle


----------



## Triple6 (Dec 26, 2002)

Some video cards require additional power, depending on what was put it, it may not have had enough power from the system. Do you know what card was attempted to be installed?

Also, I see the latest BIOS for that motherboard apparently resolves an issue with certain AMD(ATI) graphics cards, I wonder if thats part of the problem with either the new or even the old card: http://www.asus.com/Motherboards/Intel_Socket_775/P5NE_SLI/#download


----------



## ep2002 (Oct 31, 2006)

Hi,

Yes I looked into the power supply thing before I bought this b/c some guy told me.

I asked Gigabyte if the one I have was good enough & he told me it should be fine.

It's the HD 5450 AMD Radeon.


Michelle


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, been having a few issues here regarding my internet and another company trying to 'steal' it. Long story short, many many phone calls, and I'm nearly losing the will 

Still, will look at the above stuff when home


----------



## Triple6 (Dec 26, 2002)

ep2002 said:


> Hi,
> 
> Yes I looked into the power supply thing before I bought this b/c some guy told me.
> 
> ...


The AMD Radeon HD 5450 may need the latest BIOS update from the motherboard manufacturer to work correctly.


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Sorry for the lateness, been having a few issues here regarding my internet and another company trying to 'steal' it. Long story short, many many phone calls, and I'm nearly losing the will
> 
> Still, will look at the above stuff when home


What???

Who's stealing your Internet? You mean thru Wifi???

Oh you own an ISP?

If you do, I have another question, a puzzle I'm not sure anyone can figure out.

Back when I was in Canada still, my hosting company started blocking my IP saying it was taking up all the resources on the shared server.

I was like what? I'm doing the same type of work I've done for years & I've never had this problem (new hosting company).

Anyway at first I thought it was my fault b/c I clicked on the "get mail" button about 4 times in a row as I waiting for an e-mail that wasn't arriving. I thought MAN, that's nuts if clicking on it that many times clogs up the server, but what do I know.

THEN the next time they blocked me & told me my IP was a problem again I had been sleeping, so I KNEW I wasn't doing anything. Yes my computer is left on, but really. Unless someone hacked it...

This went on for wks where I couldn't work, see my sites, get mail, send mail, etc. & I had to call them every time to get them to unblock the IP. I was freaking out thinking someone was using my router to do all this.

I think it was around that time that I learned how to lock the router down more as I was oblivious to certain things I needed to do since Linksys didn't bloody tell me this when I signed up (their tech support are morons).

That didn't stop the problem. The ONLY thing that stopped it was that they switched me to a new server & SUDDENLY I was no longer being blocked.

All was fine until 2 or 3 days ago when it happened again. Months later.

Now I'm in a different country, different ISP (terrible ISP, can't really change them, they are beyond moronic) & brand NEW router all locked down, new p/w, etc.

The ONLY common denominator is the hosting company.

They said they would monitor my account & since then their server has had problems 3 times within 2 days & my website coder realized my WP blog had been hacked. I sent the info to the hosting company, & they also found out that my site had been hacked from a while back so they got that cleaned up, but that still doesn't explain the IP address being controlled.

I was pissed. I did NOT want to have to go thru this again & I've had nothing but problems with this hosting company since I started with them just over a year ago.

I've wanted to switch from them, but I haven't had the time to research a good one in my price range with good tech support, etc. Plus you know how much work it is moving & it's not like I only have 1 or 2 sites or e-mail addys, I have tons.

So I blame them for this IP BS since they are the ONLY link.

What do you guys think?

Michelle


----------



## ep2002 (Oct 31, 2006)

Triple6 said:


> The AMD Radeon HD 5450 may need the latest BIOS update from the motherboard manufacturer to work correctly.


Ok, how do I do that? Will I hurt something?

Thanks

Michelle


----------



## Triple6 (Dec 26, 2002)

There is some risk with BIOS flashing, if something goes wrong the motherboard may not longer work.

But to do it you would use AsusUpdate, its under Utilities at the following link: http://www.asus.com/Motherboards/Intel_Socket_775/P5NE_SLI/#download
It should be able to download the latest version of the BIOS if you let it search online or you can download the latest 1406 BIOS and point the utility to the extracted ROM file.


----------



## eddie5659 (Mar 19, 2001)

Still at glorious work, but this is about the connection:

http://forums.techguy.org/random-discussion/159019-eddies-soapbox-15.html


----------



## ep2002 (Oct 31, 2006)

Had to read your soap opera before I got to your drama LOL

OMG, that's just NUTS. So it's the same address, but a triplex or duplex or something, so the American was above you? But I don't know, you both have DIFFERENT names & shouldn't you have different apt. #s?

I heard BT is terrible.

Just to confirm what I heard, there's no such thing as customer service in the UK, correct?

Anyway, are you settled now, I haven't heard from you & now things are getting worse 

Print Screen isn't working, unless by accident I hit 2 keys at once, I'm getting a black screen when I do print screen & I use print screen religiously & I've NEVER had this happen before.

See attached.


Michelle


----------



## eddie5659 (Mar 19, 2001)

Hi

I'm back now 

Nope, he doesn't live in the same building. I'm in a house and a few doors up are the apartments and he's in there. Both number 5, same road, different buildings.

Got it all sorted in the end and was not really here much this weekend.

I'm not working late this week if I can help it. Want a normal home life this week, so back on time and will look at this fully. The print screen above, what is that supposed to be? I know its not working, just when did you take it?

When I get home, we'll work back and try and sort everything out.


----------



## ep2002 (Oct 31, 2006)

I don't get it when a city screws up & doesn't plan the streets & addresses properly. That's just mass confusion.

It was just a SS of anything on my computer. I took several, they all turned out that way. I even closed down Excel & a few word docs & rebooted Fx b/c it was crashing AGAIN & still same thing.

Didn't reboot computer yet, was too busy working.

TTYL


Michelle


----------



## Triple6 (Dec 26, 2002)

The print screen problem may with an issue with the video card.


----------



## eddie5659 (Mar 19, 2001)

With regards to the video card, is the HD 5450 AMD Radeon installed or is it just the Radeon X300?

Do you know which power supply you have installed, as in 300W, 400W etc?


----------



## ep2002 (Oct 31, 2006)

Hi Trip, so are you saying you think it's BOTH the memory & the video card?

I have decided once I move again, there's this guy who says he worked with computers for years (he's a senior). I'm going to see if he can do what you told me to do.

Eddie, the new one isn't installed, no, it wouldn't work.

I believe the power supply is 400 W. I remember that's what I figured out. It's been several months since I opened the case, but I'm pretty sure it wasn't 300.


Michelle


----------



## eddie5659 (Mar 19, 2001)

For the graphics card that you currently have, can you go to Control Panel | System | Hardware tab | Device Manager.

In there, you will see Display Adapters. If you click the + next to it, the graphics card will be stated. Right-click and select Properties then Driver tab.

What's the driver date and version?


----------



## ep2002 (Oct 31, 2006)

03-03-2009
8.592.0.0


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like the driver is out of date, so lets get that updated to see if that will help 

Firstly, create a restore point as explained here:

http://support.microsoft.com/kb/948247

Then, go here for the latest drivers:

http://support.amd.com/us/gpudownlo...px?type=2.4.1&product=2.4.1.3.13&lang=English

In there you have two to pick from. One is just the driver, the other is the Catalyst Software. This is good if you change your graphic settings a lot. Its okay to have either, as I have the software due to gaming, but it does start on startup, so you can tell if its working or not that way 

But, if you just want the driver, then its okay as well.

Ah, just checked your installed programs and you have it already, so I would suggest the full software:

*ATI Catalyst Control Center*

http://forums.techguy.org/8194329-post5.html

You'll need a reboot after installing, so let me know if the print screen works okay after doing so 

eddie


----------



## ep2002 (Oct 31, 2006)

Great, that didn't work.

Sorry I took so long, I was nervous about doing it, then the monitor went black tonight & when trying to reboot, I got the 4 beeps, so I tried this.

It says the logo or something isn't compatible with XP, & Windows wants me to stop. I wasn't taking any chances.

I had to try to get out of it 4 times before it would let me & then it said the drivers weren't compatible even though I never actually installed them all. 

Now what?


Michelle


----------



## ep2002 (Oct 31, 2006)

Hi,

Things are getting worse now, parts of my screen are turning different colours. Mainly light pink & different hues of beige 


Michelle


----------



## Triple6 (Dec 26, 2002)

I still think your video card is failing and you should try getting it replaced again.


----------



## eddie5659 (Mar 19, 2001)

I agree. Sounds like the graphics to me as well 

This is your motherboard, and by the looks of it, there isn't onboard graphics, which is a shame as you could have tested it without a new card. I could be wrong, Triple, does it look like that to you?

http://uk.asus.com/Motherboards/Intel_Socket_775/P5NE_SLI/#overview


----------



## Triple6 (Dec 26, 2002)

No, it doesn't have integrated motherboard graphics, an add-in PCI-Express graphics card will be needed.


----------



## ep2002 (Oct 31, 2006)

Grrr, it's just a matter of finding someone here who I can trust to do this.

They are complete morons in this country when it comes to anything IT related. I'm not in Canada anymore.

So are you saying there's no point in troubleshooting the driver issue I had the other day until the video card gets replaced?

What if it doesn't work again like when the other guy tried it for me? 


Michelle


----------



## Triple6 (Dec 26, 2002)

The things you are seeing on the screen and the beeps suggest a hardware failure in the video card.

There is a BIOS update for that motherboard to resolve an issue with certain AMD graphics cards, that should be applied if you use a newer AMD card or use an nVidia graphics card.


----------



## ep2002 (Oct 31, 2006)

Well no one wants to help me on the phone <sigh>

Are these the instructions for the update?

---------------------------------------------------------------------------------

There is some risk with BIOS flashing, if something goes wrong the motherboard may not longer work.

But to do it you would use AsusUpdate, its under Utilities at the following link: http://www.asus.com/Motherboards/Int..._SLI/#download
It should be able to download the latest version of the BIOS if you let it search online or you can download the latest 1406 BIOS and point the utility to the extracted ROM file.


----------



## Triple6 (Dec 26, 2002)

Yes, first install the Asus Update Utility from the Asus website, once installed you need to run it and it can probably go out onto the internet and find the latest BIOS update and download it. If not then you can manually download the BIOS file from the links above and open it with the Asus Update Utility. Then follow the onscreen instructions to finish flashing it. Once done, the computer will need to be rebooted.

Then power off the computer, unplug the power cable, and press and hold the power button to drain any power. Then remove the side panel, unscrew and remove the current video card. Insert and screw in the new video card, put the side back on, plug it back in and connect the monitor. Turn the system on.

If the video card has a power connection on the back of the card then make sure to plug a matching cable from the power supply.

Once you boot into Windows you will need to install the drivers for the video card from the CD or from the manufacturer's website. If its an AMD card then you go to www.amd.com to get the latest drivers.


----------



## ep2002 (Oct 31, 2006)

Ok, PHEW, I'm back up in running.

Anyone miss me???

No???? 

LOL

So back a week ago this past Monday, doing the bios update didn't work, but I learned how to take out (it's very difficult) a video card & put one back in.

Once I put the new one in & it didn't work, I put the old one back in & the computer was even worse than it was b4. The beeps came about a lot faster.

The geek who was directing me on the phone said he was pretty sure it was the MB & he found me one I could get from Newegg that meant I wouldn't have to change anything else in the computer. I was dealing with other forums when I thought I'd have to buy a new MB & not ONE person told me I'd have to change the entire computer if I did that. A woman on FB eventually told me & I was shocked.

After confirming that it was the MB with a computer store I was praying new WTH they were doing (they know next to nothing here), I ordered the MB on Wedns. after I had to argue that NO, the new MB will work in this computer. That scared me even more that he didn't know that to start off with & just assumed.

It finally arrived on Tues after Newegg rushed it to me (they were very nice).

Then I had to argue with the computer store after the owner hung up on me about getting it fixed that same day since he originally told that in the beginning.

Then I picked up, saw the drivers CD & thought, WTH, why is it white on the top, it looks like a pirated copy of something. I saw it was installing something, so I thought it was okay.

I was in such a rush & b/c I don't speak Spanish, I figured I'd deal with it when I got home. Are they supposed to install the drivers for you, or just the hardware & that's it?

After getting home & MS couldn't find one of the drivers on the CD, I freaked out, called Newegg demanding to know why this CD looked strange. She blamed me for not opening the box myself. A friend dropped it off at the store b/c I don't live in the city & I didn't think it was such a big deal. Then I had to get off the phone with her b/c she kept arguing & I called Intel & they refused to help telling me I could purchase the drivers from some site YEH RIGHT. Then he said a mgr. wouldn't call me back until the next day. I was NOT waiting to get back up & running, forget that, so at this point I was freaking. I hadn't been on my baby for 8 days.

So I called the techie guy & thank gawd he called me back within 5 min.

He spent the next 1.5 hours finding the drivers installing them, then me pointing out things that weren't working & him fixing them <geeze, what a nightmare>.

Then I had to deal with MS today for 2 hours b/c after I did a telephone authorization for my XP, the button to authenticate wasn't going away.

It looks like when I had to purchase a new HD last year, the techie back in Windsor put an OEM copy of XP on my computer (I don't think I brought the CD with me, I really can't remember), but I DO remember having to call MS & get my key, so I argued with the MS guy in the Philippines that why would I have needed the key if it wasn't my full retail copy?

He tried to say that these techie guys do sneaky things.

I had had him ghost the HD, that much I remember. I don't understand. I'm at a loss.

But sure enough, it says OEM under the system area.  I didn't even know what that was there as I never look in that area.

The MS guy wanted to do a format to put my XP on there b/c the key wouldn't work with the OEM one & I said no way, he wanted to do some other thing that was similar & I said no way. It took me 3 days last time to get everything back the way it was.

Then the button that kept telling me I had to authorize Windows disappeared after 2 reboots, so we left it.

He warned me something could happen with it. I mean it was working this entire time like that which makes no sense to me. I hope that's not why I've been having problems.

So no crashes so far, that's for sure, but Fx is still causing me problem with crashing & hanging.

AND to boot, while I was forced to use my laptop, in the end it was running terribly plus I was getting those script errors not just when I was dealing with TB, but also Fx.

Fx was also sluggish & slow too.

So, after reading the drama LOL, can we get back to work on cleaning this baby up & then the laptop eventually. I hope to gawd there are NO MORE hardware issues. I am almost positive now it's all the dirty electricity here (I learned this word from the guy who helped me). I mean the old MB may have been on its way out the door, but when the surges broke the APC & I was without a UPC for 3-4 weeks (no money), the computer shut down at least 2-3 times per week cold.

The new triplight I bought 2 months ago should keep her safe. I still have to buy one more as my cordless phones are now almost all dead <sigh>. I hate this country. Yes, I'm leaving soon.

Thanks & I hope you both are doing well. 

Michelle


----------



## eddie5659 (Mar 19, 2001)

Sorry about the lateness, I've been off work for the past 3 days sick, so not really looked at the computer much 

Feel a bit better (off today as well), so will try and get back to it all

-----------

Well, it sounds like you've had a fun time...not 

So, am I right in assuming that the motherboard is nicely installed and working?

If so, and I know that throughout this thread there were lots of problems, which ones are still happening?

Is it just Firefox crashing/freezing? If so, is it still the same harddrive as before?

What we'll do is work on the one problem, as in Firefox, and when that is solved, we'll move onto the next, so that we can concentrate on one at a time 

eddie


----------



## ep2002 (Oct 31, 2006)

Hi there,

Sorry to hear you are sick. What do you have?

Yes the HD is still the same.

MB seems to be working fine, no crashes.

Let's work on Fx. I never know if it's b/c Fx is sooo bloated, or it's the computer.

I also find that my sites load very very slowly. I've asked others to load the same pages in teh past & they have said they are fine, so it has to be on my end.

Once I reach past 20-23 open Fx windows (not including tabs, that I have no number for you LOL), she crashes. The other day she crashed soon after the first crash & I think I only had 3 pages open.

Chrome has been crashing more now but most times it corrects itself. With Chrome I don't have nearly the same amount of pages open.

Sometimes I have to use Chrome b/c certain sites that are so terribly coded won't work in Fx.

Some of the pages load faster in Chrome.

Same issue with the laptop although I'm not on that on enough, but I was for those 8 days.

Thanks & feel better.


Michelle


----------



## ep2002 (Oct 31, 2006)

Hi,

Ok, this other issue KEEPS cropping up.

I haven't mentioned it before b/c it happens once in a while.

I recently changed hosting companies 2 Decembers ago to Host Dime.

I don't remember how long after switching to them this started to happen, but they started blocking my IP address saying that I was attacking their server (it's shared) & it was a drain on the server.

At first I thought it was something I did b/c I pressed the "get mail" button several times that day it happened, but then when they started telling me it was happening in the wee hours of the night while I was sleeping, I was NO WAY is this me.

They couldn't figure it out, I couldn't figure it out & I got more & more pissed b/c I had to call them up each day to get them to release my IP address so I could get mail, send mail & GET onto my own sites.

This went on for months, then they switched me to another server & it STOPPED.

That made me believe it was them.

THEN I moved here to Panama all was fine until a couple of weeks ago when it started AGAIN!!!

Now we are talking a different country & different ISP (although terrible), PLUS a brand new router, so how in the world could it happen again unless it's something on my TB?

It just happened when I got to my computer. today They said they blocked me at 4:30 am.

They are trying to tell me I should switch my e-mail settings so they don't all say get mail every 5 minutes. Yes I have around 35 e-mail addys, but so what, this has NEVER happened to me before & if it was that, then why wouldn't I be blocked several times throughout the day every day?

And why when they switched me to the other server it stopped for months?

Here's the last thing the girl said which doesn't make sense. She says it's NOT the 5 minutes, but then she suggests me changing half my addys so they don't check mail every 5 minutes. I refuse to do this unless someone can explain to me why it doesn't happen every day & why it stops for months & then starts up again. That's a lot of work to switch them & I like knowing if I get new mail every 5 minutes. I'm strong on customer service.

"This isn't an automatic block, so the every 5 minutes is not the cause of it. Basically what happens is the load on the server goes up, so we block anyone with a lot of connections to bring the load back down as well as taking other actions. At that time, the load was up so they started blocking IPs, which is why it happens randomly. I would suggest only checking maybe half instead of all of them every 5 minutes, rotating them out basically. That would prevent this from happening. Otherwise, you're risking getting blocked again, since we have to take action as soon as the server load goes up in order to prevent the server from crashing."

Hope you are feeling better.


Michelle


----------



## eddie5659 (Mar 19, 2001)

Okay, lets look at the firefox problem, first of all. Some of this we may have done, but at least it will all be fresh, and some removals just recent 

--------

First, a cleanup:

Download *TFC* to your desktop 

Open the file and close any other windows. 
It *will close all programs itself* when run, make sure to let it run uninterrupted. 
Click the Start button to begin the process. The program should not take long to finish its job 
Once its finished it should *reboot your machine*, if not, do this yourself to ensure a complete clean


Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.

------------

When you open the Firefox pages, do you have anything else open at the same time, like other programs etc?

You may already have OTL, but can you delete it and get a new version and run a scan as follows:

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


-----------

eddie


----------



## ep2002 (Oct 31, 2006)

Oh gawd, I don't know what happened.

When I clicked on Run for OTL, this notepad popped up saying...


Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


----------



## ep2002 (Oct 31, 2006)

I'm going to have to search for the other notepad, it's missing, it never opened.

OTL logfile created on: 3/31/2012 1:09:13 AM - Run 5
OTL by OldTimer - Version 3.2.39.2 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 71.97% Memory free
6.09 Gb Paging File | 5.19 Gb Available in Paging File | 85.24% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 121.50 Gb Free Space | 82.25% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 129.45 Gb Free Space | 90.63% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 148.67 Gb Free Space | 84.85% Space Free | Partition Type: NTFS

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/31 01:04:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/06/29 03:21:40 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/21 01:41:18 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/03/21 01:41:18 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/02/28 00:54:08 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/02/14 17:59:34 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/14 17:59:05 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/14 14:47:31 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/14 14:47:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/14 14:47:09 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/14 14:45:35 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/14 14:44:32 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/15 16:07:48 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/15 15:23:47 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [On_Demand | Stopped] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/21 20:52:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 01:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/16 23:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/31 00:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/21 02:47:06 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/03/22 19:45:46 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/01/12 22:30:07 | 000,000,000 | ---D | M] (Area deCoder) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/09/11 17:43:40 | 000,000,000 | ---D | M] (NewsBasis) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/03/10 21:28:26 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/03/31 00:21:45 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/03/21 20:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/03/21 20:52:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/10 23:37:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/10 23:37:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\nplastpass.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.5_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKCU..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/22 16:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/03/21 20:35:01 | 007,925,760 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
[2012/03/21 20:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/03/21 20:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2012/03/21 20:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/21 20:06:55 | 000,000,000 | ---D | C] -- C:\AMD
[2012/03/21 19:45:45 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\SER9PL.sys
[2012/03/21 02:47:04 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2012/03/21 02:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/03/21 02:46:41 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/21 02:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/21 02:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
[2012/03/20 23:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2012/03/20 23:31:55 | 002,129,920 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2012/03/20 23:31:55 | 000,212,992 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2012/03/20 23:31:52 | 000,164,352 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\staco.dll
[2012/03/12 23:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/03/12 23:38:59 | 000,000,000 | ---D | C] -- C:\vWorker
[2012/03/03 03:10:19 | 000,000,000 | ---D | C] -- C:\ATI

========== Files - Modified Within 30 Days ==========

[2012/03/31 01:12:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/03/31 01:01:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 00:56:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 00:56:36 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/31 00:55:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/31 00:32:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/03/30 23:25:17 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/30 03:32:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/03/22 14:57:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/03/21 20:39:45 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/21 20:22:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/21 19:57:11 | 000,001,316 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012/03/21 02:50:09 | 000,430,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/21 02:50:08 | 000,066,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/12 23:45:00 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 23:45:00 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk

========== Files Created - No Company Name ==========

[2012/03/21 19:45:45 | 000,026,719 | ---- | C] () -- C:\WINDOWS\System32\SERSPL.VXD
[2012/03/21 01:37:13 | 000,002,889 | R--- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2012/03/20 23:33:17 | 000,235,112 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2012/03/12 23:45:00 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/09/25 19:43:50 | 000,364,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 10:12:21 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/06/15 15:00:33 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/01/20 00:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/10/27 04:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2011/09/06 16:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2012/02/16 17:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
[2012/02/28 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenOffice.org
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Softnik Technologies
[2012/03/21 02:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
[2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/03/31 01:12:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

========== Purity Check ==========

< End of report >


----------



## ep2002 (Oct 31, 2006)

To answer your other question, yes of course, my computer is always jam packed with programs open, but I never had this problem b4 & the same programs have been open for years. Nothing much has changed other than I recently added Skype.

Even just now once I rebooted & opened Fx, it crashed with only 4 windows open & several tabs. It seems the history window was also causing problems, as I was looking for the URL to this thread so I didn't have to use TB to go search for it.

I had to restart Fx again.

Even earlier in the evening before I started doing this cleanup, I couldn't type in my own blog. I'd start typing, & the cursor would disappear & Fx would be hung & the text wouldn't show up until it was cleared out. I only had 15 windows open at that time, normally it takes about 23-25 before it starts causing problems.

I have to go to bed now. My computer isn't finding even the software. I have quite a few OTL stuff on my computer, but that's folders I created last year when others had me running this & I'd save the log files.

Nothing on C other than it saying Windows/Fonts/Corel which I assume is something else entirely.

Not a clue 


Michelle


----------



## eddie5659 (Mar 19, 2001)

Its okay about the second OTL log, as I can see it says Run 5 at the top of the log you posted, so only the one will be produced 

Okay, there are some things we can remove that are just leftovers, but there are some things showing that I want to look at deeper, that may be causing your problems 

First off, and I know many people do this so that the sites all open at the same time, but in the following, are there any sites you don't know about:



> FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"


Also, you have this:



> FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
> FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"


Which University are you in?

Do you know that this is installed?



> [2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]


Now, the following closed in December:



> [2010/09/11 17:43:40 | 000,000,000 | ---D | M] (NewsBasis) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]


http://newsbasis.com/

eddie


----------



## ep2002 (Oct 31, 2006)

Hellooooo

Sorry for the delay, I was out of town & of course didn't have my desktop.

How are you feeling?

Ok, a couple of things before I address the above...

1. Again they blocked my IP address, which of course means something from my computer was attacking their server.

2. When I got to my computer, I saw this error on the login area of Windows....

WS: plugin-container.exe

application error

the instruction at "OX0140609C referenced memory at OX00000014. The memory could not be "read."

Click on Ok to terminate the program.

Scary 

As for the above:

1. For my Fx home page, yes, those are all my startup pages as I use those sites every day. You can start more than one in Fx.

2. University???? I don't go to any University. 

3. Stretch clock is a Fx add-on & I recommend it b/c I'm sure you sit in front of the computer like I do 

4. What do you mean that was closed in Dec.? I dont' even know what it is. NewsBasis looks like a list I belong to. Isn't it? If not, I don't know what you are talking about. I vaguely remember it, but are you saying it's a piece of software on my computer, not just a list?

Thanks & TTYS


Michelle


----------



## ep2002 (Oct 31, 2006)

Hi again,

So once again my hosting company blocked my IP address stating that 34 POPs attacked their server causing a heavy load.

I have ALWAYS had tons of e-mail addys (I have close to 45 now I think, haven't counted in a while) check mail every 5 minutes. My accounts have always been set to 5 minutes & in all these years, I've NEVER had anyone accuse me of this until I went to Host Dime & yes it's a shared server, but so what, my last hoster was shared too.

They want me to change my settings so they aren't all 5 minutes & I don't want to. Why should I have to? I want to know if new mail comes in every 5 minutes.

I want to get to the bottom of why this is happening & this always seems to happen when I'm NOT at my desk. I literally went to bed, was away from my desk for maybe 2 hours & suddenly I'm blocked. <sigh>

It just makes no sense at all whatsoever.

Do you think it's a glitch with TB, or something else?

Michelle


----------



## eddie5659 (Mar 19, 2001)

That's okay, we all have lives outside of the computer.... Well, I don't, its either computer support or gaming on a Friday night 

Its a long week here, and as its Easter, its only been 2 days at work, but feels like 10 



> 1. Again they blocked my IP address, which of course means something from my computer was attacking their server.


Is that your blog site, or another site?



> 2. When I got to my computer, I saw this error on the login area of Windows....
> 
> WS: plugin-container.exe


Okay, upon further reading on this, I found this thread in Firefox's forum. Quite lengthy, but even a year ago it was causing 99% CPU use:

http://support.mozilla.org/en-US/questions/713600

http://support.mozilla.org/en-US/questions/704242

However, this is for the older version of Firefox. This is a bit more detailed:

http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins



> Plugin-container
> 
> For each plugin for which the "OOPP" crash protection feature is enabled, a separate plugin process will be started when you first visit a webpage that evokes that plugin. When you exit Firefox, those plugin-container processes will terminate. This plugin process is named "plugin-container" on Linux, "plugin-container.exe" on Windows, and "Firefox Plugin Process (<plugin-name>)" on Mac OS.
> 
> Important: Your firewall or other security software may block the plugin-container process and prevent a plugin from working. If you are asked for permission to allow the plugin-container process to access the Internet, you should allow it. If you previously denied access, you should change your security software program settings to allow plugin-container.


So, it may be one of your plugin's causing the slowness.



> 1. For my Fx home page, yes, those are all my startup pages as I use those sites every day. You can start more than one in Fx.


Yep, I know, its just that some people can get infected, and have sites running that they didn't know about. Just asked in case you were one of them 



> 2. University???? I don't go to any University


The reason for this, is because it says this:

"http://proxy.uconn.edu:3000/proxy.pac"

and .edu is an education domain.



> StretchClock


May just look into that :up:



> 4. What do you mean that was closed in Dec.? I dont' even know what it is. NewsBasis looks like a list I belong to. Isn't it? If not, I don't know what you are talking about. I vaguely remember it, but are you saying it's a piece of software on my computer, not just a list?


If you click on the link, you'll see that the founder said it was closing. You also have it as one of your extensions in Firefox, so we can remove it if you don't use it.

--

As for the second post regarding the emails, can you try using something like Chrome or IE? The reason why the new hosting company may not like it, is because it could be like a DDoS attack, where a server gets bombarded with requests every min.

Could you not limit it to 10 mins, or stagger the email address in requests?


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Is that your blog site, or another site?


Didn't really understand what you meant here.

When they block my IP, I can't access any of my sites on their server.



eddie5659 said:


> Ihttp://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
> 
> So, it may be one of your plugin's causing the slowness.


I only skimmed, as it was almost all Greek to me 

I don't have a lot of add-ons & the only one that's maybe the problem is Last Pass, but I need it. I can't do without it.

Most of the add-ons there are disabled. I removed the newswire one, but again, that was disabled anyway.

I'm not sure it's an add-on b/c 99% of the crashes happen after I hit 18-22 pages. Prior to that it is usually stable. Not always, but most of the time.



eddie5659 said:


> The reason for this, is because it says this:
> 
> "http://proxy.uconn.edu:3000/proxy.pac"
> 
> and .edu is an education domain.


I understand that something is on my computer that references that, but I don't know where you are finding this, unless you are talking about this proxy I've been using lately since I need a US IP.... http://ultrasurf.us/

I don't know how to look into something if I don't know where you found it, what to do with it, etc. 



eddie5659 said:


> As for the second post regarding the emails, can you try using something like Chrome or IE? The reason why the new hosting company may not like it, is because it could be like a DDoS attack, where a server gets bombarded with requests every min.
> 
> Could you not limit it to 10 mins, or stagger the email address in requests?


Yes I understand why they don't like it, that's not my point. My point is, if it's a problem with TB, why isn't it happening every 5 minutes since my e-mail is set to receive every 5 minutes. It makes no sense at all that it happens only once during the wee hours of the morning & at NO other time during the day. That is what I'm saying.

Why would I need to use Chrome (I won't ever use IE unless forced)? What does Chrome have to do with TB?

I already use Chrome when certain sites don't work on Fx, but Fx is my primary browser. I want to fix the problems, not just switch software. Again, not sure what my browser has to do with TB unless you think it's the browser attacking their server.

Yes I can change the settings on certain e-mails to 6 minutes, but again, until you or someone else explains to me why it doesn't happen for months, then starts, then happens once a week, then twice a week & not every day every 5 minutes, I ain't changing anything, as it just sounds like everyone is grasping at straws & doesn't really know what is causing this.

No offense, but I've asked this question of I don't know how many people, & not one person can give me a logical answer that makes sense.

Either someone is in my computer causing this, or TB just decides to act like this once in a blue moon which again, make NO logical sense unless there's a problem with TB & then I'll repeat, it needs to be fixed. Software doesn't just act on it's own like this.

To bed for me. Hope you are sleeping well 

Michelle


----------



## eddie5659 (Mar 19, 2001)

For the Plugin link I gave, it was for the Plugin-Container error message that you're getting. It may be pointing towards a corrupt plugin, and if you only use Last Pass, maybe that is corrupt.

Which version of Last Pass do you have?

However, we can look at the Plugin-container, to see if its corrupt.

--

This is the part I was meaning with regards to the University:



> FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
> FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"


Its in your OTL logs.

uconn.edu is the website address for University of Connecticut:

www.uconn.edu/

And I'm just wondering if the problem could be there, as its only showing in Firefox, not IE or Chrome, in your OTL logs.

--



> Yes I understand why they don't like it, that's not my point. My point is, if it's a problem with TB, why isn't it happening every 5 minutes since my e-mail is set to receive every 5 minutes. It makes no sense at all that it happens only once during the wee hours of the morning & at NO other time during the day. That is what I'm saying.


Not sure, but it could be possibly because they don't expect any large amount of traffic at that time of the night, but then get a large volume of email requests from you.

Who is the hosting company, as they may be able to offer more help? Have you spoken to them direct?

-------

As Firefox seems to be the main culprit, lets troubleshoot that:

http://support.mozilla.org/en-US/kb/Basic Troubleshooting

And do each step, and see if it solves the problem. If after step 2 it doesn't solve the freezing, go to step 3 and try again.

eddie


----------



## ep2002 (Oct 31, 2006)

Hi,

Ok, I'm not really following you, sorry 

I understand that you are saying one of the plugins is corrupt, but how am I supposed to know which one it is, uninstall it & reinstall it?

Not sure what link you gave me, are you talking about this long one that went over my head? http://kb.mozillazine.org/Plugin-con...rocess_plugins

As for Last Pass (LP) I already reinstalled it a month or so ago b/c my contact at LP recommended it. So I have the latest version & unless something corrupted it since then, I doubt that's the problem other than others have said LP is a problem. I haven't gone to read other people's threads on this in a long time.

Also, I'm still getting those script errors off & on. Got one a week or two ago that stopped TB from opening. I sent you SSs a while back.

As for the EDU problem, again, not understanding you. I understand you see it, but how do I get to it & what do I do with it when I get to it? Delete it? You aren't telling me step-by-step what to do with it?

Are you saying it's a site I went to that's causing a problem & I should delete it from the history? Please clarify.

TB - yes of course I'm spoken to them & gotten very angry too since this has been going on for over a year now off & on.

I doubt they change things just b/c it's night time by them. I'm sure many of their clients work at night, so no, I don't think that's the reason it only happens at night.

Like right now, I got to my computer & all is fine. Tomorrow may be another story. If it was a problem with TB, it would happen all the time every day with no downtime. That makes logical sense to me, this doesn't.

Unless it's an ISP issue which wouldn't surprise me, as my ISP is terrible & the one back home was much better, but I had problems with them for over a year & they wouldn't admit to the problem, blamed me & then FINALLY about 6-12 months later they FINALLY realized it was something on their end.

I'm beginning to learn that people who own ISPs aren't very smart. I'm sure there are some good ones out there, but I don't know. They often seem to blame the customer b/c most customers aren't literate when it comes to computers & the net, so ISPs can just blame all day even if it's a problem on their end.

I have to run out. I'll see if I have time to do whatever that URL states to do. If I feel it's over my head I'll tell you.

Thank you & I hope you are doing well 

Michelle


----------



## eddie5659 (Mar 19, 2001)

As you're having problems with Firefox, and that the error message you got recently was for plugins (any, didn't say which on the error), then I was looking at the plugins that you have.

You also said you only have the one, so that's why I was again just looking at Last pass 

With regards to the script error's, is it just TB you get them with? This is part of Mozilla, which again is who made Firefox.

See if this helps.

For TB, if you get a crash report, can you tell me the bp number. There are two ways on how to get it, both explained here:

http://support.mozillamessaging.com/en-US/kb/mozilla-crash-reporter#w_viewing-crash-reports

I also have a detailed link on how to resolve script error's, but I won't look at that until you've tried the other link I posted above, about troubleshooting Firefox.

If it doesn't work, I'll post each thing, step by step, so we can check one thing at a time 

--

As for the EDU thing, I haven't posted about removing it, until you've tried reinstalling Firefox, as that may solve it. If it doesn't, then we can look at that after 

----------

Let me know how the url steps go, and any problems, just ask 

eddie


----------



## ep2002 (Oct 31, 2006)

Hi there,

Ok, I started doing the plugin updates & then realized I was confusing add-ons with updates LOL

Anyway, problems with the updates. I will just post every time I have a problem instead of waiting.

1. Flash - I've reinstalled it 3 times & it is still telling me to update.
2. Reader - tried to install it & it kept telling me "program manager" was open & had to be closed, but I have no idea what that is, it didn't show up in task manager or processes & I'm clueless, so I had to exit out of the install.

I even tried researching online & couldn't find anything.

3. I removed Real Time Player b/c when I went to the page it was all in Spanish. I can't get my computer to give me pages in English & it's driving me up the wall. My language is set for English, but recently it started giving me everything in Spanish. Yes I'm in Panama, but it wasn't doing this before, only occasionally. Now it's every day I have problems.

Can you tell me how to fix this?

I didn't see a DL button on that page anyway, so I just uninstalled it.

Ok, so as it stands right now, there's 2 plugins that won't update.

Then there's a ton that are "unknown plugins" & I have no idea what to do with them, how to update them, nothing, or even what they are for, so I tried to disable them, but when I relaunched the page that tells me the status of the plugins, they are all still there. 

So I don't know what to do now.

Here's a SS of most of them, there's one at the bottom that's cut off.

I'll respond to your post soon.

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> As you're having problems with Firefox, and that the error message you got recently was for plugins (any, didn't say which on the error), then I was looking at the plugins that you have.
> 
> You also said you only have the one, so that's why I was again just looking at Last pass
> 
> ...


Wow, didn't even know that was in TB LOL I love learning new things even though I don't understand anything I'm looking at.

Here are the last 4 crashes. Don't they have the same thing for Fx? Those crashes would be like min. 1 per day. 

https://crash-stats.mozilla.com/report/index/bp-4fe3a795-4002-4f3b-b7a5-35ff22120407
https://crash-stats.mozilla.com/report/index/bp-ac772d6b-2485-44ea-8e2c-d61f22120303
https://crash-stats.mozilla.com/report/index/bp-dddf83b0-f8c1-42eb-8435-11d8a2120302
https://crash-stats.mozilla.com/report/index/bp-ea55f1d1-c065-4373-8f7f-798322120227
https://crash-stats.mozilla.com/report/index/bp-8e75bfbb-cdbc-4193-bc12-cc40d2111229

Thanks & have a lovely rest of your evening.

Michelle


----------



## eddie5659 (Mar 19, 2001)

Okay, having a look and a few suggestions are clearing your Java Temp files, and reinstalling Firefox/Thunderbird etc.

So, lets try the Java. Have a look here on how to clear the temp:

http://www.java.com/en/download/help/plugin_cache.xml

Reboot and see if that helps.


----------



## ep2002 (Oct 31, 2006)

Ok, I hope to get to this soon. I just don't want to reboot right now.

Another problem with Fx. I had this problem in the past & I don't want to forget the details so I'm going to tell you what's happening. It doesn't happen often, but when it does, it's very weird.

I will go to open another tab or link & instead of it opening the tab in that window set, it opens the tab or link in another window entirely. Not a new window, but a window that's in my slew of open windows.

It happened a few months ago & is happening now.

The funny thing is, it was happening to the last window that's open. I closed that window & the next window inline was fine, the tab opened normally.

<shaking head> as I don't understand it LOL

Michelle


----------



## eddie5659 (Mar 19, 2001)

Its seems to be pointing towards a corrupt browser.

If you've tried the Java bit above, and it didn't help, then I would definatly start on this:

http://support.mozilla.org/en-US/kb/Basic Troubleshooting

Do each step, restart the computer and see if it helps. If not, go to the next step


----------



## ep2002 (Oct 31, 2006)

Oh where are you going for holidays?

I just rebooted. I did what you told me to do days ago, but never rebooted, so we have to wait & see now.

When I did reboot, the system wanted to update Flash & so I tried to, but once again it said there was a problem. I think I shut down the window with the error message.

What's next?

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

Poland for two weeks 

With regards to the Flash, what was the error message or problem?

From this link, which steps have you tried:

http://support.mozilla.org/en-US/kb/Basic Troubleshooting

I'm away for two weeks from tonight, but I'm letting other's know so someone else will reply whilst I'm away.

eddie


----------



## eddie5659 (Mar 19, 2001)

Any joy with the above link?


----------



## ep2002 (Oct 31, 2006)

I'm sorry. I tried to find someone to hire to do the change for me as I don't want to do it myself & I can't find anyone who knows Fx & has done this task before.

I'm still looking as the crashes are getting worse. With TB too 

How are you doing?


Michelle


----------



## eddie5659 (Mar 19, 2001)

Which changes are you wanting to make? From the link I gave, did you try all the steps, and if so, are you at the 'Make a new profile' step?

I'm doing okay, but my graphics card is nearly dead, so a brand new one is arriving Saturday


----------



## ep2002 (Oct 31, 2006)

Phew, I FINALLY got the new profile created & set up the way it should look/act.

So sorry for the delay. Major things have been happening here since Google did what they did. Needless to say I'm not happy at all.

Ok, what's next? 

I hope you are doing well & your new graphics card is perfect. Remember I thought it was my graphics card & it ended up being the MB.


Michelle


----------



## eddie5659 (Mar 19, 2001)

Due to the blue screens I got and the messages about them being related to my graphics, I'm hopeful they're gone now 

After creating the profile, has the problems stopped?


----------



## ep2002 (Oct 31, 2006)

Good, I'm glad to hear that.

I thought the crashing stopped, but it hasn't. Although I am able to get to around 25-30 windows open now before it does crash, so that's at least something of an improvement.

I don't know if it's one of the bookmarks or what, but I can't delete the bookmarks, I have way too many.


Michelle


----------



## ep2002 (Oct 31, 2006)

Another thing:

My computer has been freezing for about 1-2 minutes several times.

I finally got the Online Armor up & running which did cause some problems with my printer, so I don't know if that's the problem, but if it is, I can't continue on like that.

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

Ok, updates:

1. I shut down Armor All or whatever it's called. I thought that solved the freezing problem & it sort of did, but then now my windows explorer just crashed again. You know that Dr. Watson error message people get?

That's the 2nd time today this has happened 

2. The other day my hosting company AGAIN blocked my IP address & this time they said it was my FTP accessing their server too many times. Gawd I wish I could just move from this hosting company already.

Once again I was not at my computer & while I had had my FTP software open earlier that the day before, I had shut it down & had even rebooted, so that is nuts.

3. Today they blocked me again saying my POP was accessing their server too many times.

Once again months have gone by with NO problems & suddenly it started happening again. This again proves to me it's NOT my Thunderbird doing anything b/c if it was a TB issue, it would happen every single day & I'd be blocked every single day.

BUT I did what you guys told me to do & changed the "download e-mails every X minutes" to different times.

4-5 e-mails on 5 minutes, some on 4, 6, 7, 9, etc.

If that doesn't solve the problem then I know I was right & we still have to figure out how to solve the problem. I'd love to move to another hoster & see if the problem occurs there. This is a serious problem, especially now that they are saying it was an FTP problem 2 days ago.

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

Hi there,

You okay?

I think my computer has a virus or something.

On Fx there are times when I'm losing the graphics. Not on a site, but on Fx itself. Also recently some sites are showing no graphics. I assumed it was the site (there's 2 of them), but now I'm not sure.

www,speedtest,net is one of them & I've been using that site for almost a year now with on problems until recently.

Scary


Michelle


----------



## eddie5659 (Mar 19, 2001)

Sorry, for some reason i never got the email 

Do you know the size of your paging file? If not, can you have a look here:

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure

1. Open System in Control Panel.

2. On the Advanced tab, under Performance, click Settings.

3. On the Advanced tab, under Virtual memory, click Change.

4. Under Drive [Volume Label], click the drive that contains the paging file you want to change.

5. Under Paging file size for selected drive, what is the size set to?

eddie

Under Paging file size for selected drive,


----------



## ep2002 (Oct 31, 2006)

Hi there,

I think I sent you 4 posts. Are you saying you didn't receive any of them? That has been happening to me more & more now with various different forums.

This paging file size has never changed unless something made it change.

Here's the info:

Min. 2 MB
Recommended - 4987
Allotted - 3072

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

Also one other thing I wanted to note...

I've been watching tons of videos (tv shows etc.) on my computer since I don't have a TV.

I have been trying to defrag, but 2 days ago when I tried, the only drive it said needed it was E, not C.


Michelle


----------



## ep2002 (Oct 31, 2006)

Also I thought that it was the videos I'm watching, but now I'm thinking it's not b/c most of the videos I'm watching, the sound is so staticy, I can't watch the video 


Michelle


----------



## ep2002 (Oct 31, 2006)

Are you okay? 

I'm having serious issues here.

2 sites (could be more, but so far it's just these 2) aren't loading properly. They take forver to load & then the graphics are missing.

I thought maybe the IP address from my terrible ISP got put on the blacklist again, but one of the sites www.speedtest.net said my IP address nor the ISP is blocked.

The only way I can reach the site is thru a proxy, then it works (both of the sites do.).

And this is a problem on both computers, not just one & I tried it on both Fx & Chrome on the laptop & Fx, Chrome & IE on the desktop.

I hope you are around, I've been trying to deal with this & everything else for a week now.

Thanks & I hope you are okay.

Michelle


----------



## eddie5659 (Mar 19, 2001)

I'm okay 

Okay, you know when you're opening Firefox windows etc, are you opening a seperate one for each site? If so, that could be the main reason for crashing, as each window takes a certain amount of memory.

Try using the tab functions, maybe 10 tabs per window, so that it doesn't use as much memory.

If you're unsure about tabs, take a look here:

http://support.mozilla.org/en-US/kb/tabs-organize-websites-single-window


----------



## ep2002 (Oct 31, 2006)

This isn't a crashing issue anymore. I sent you numerous posts about what is going on. Didn't you read them?

I also have another problem where I can't log into a site with Chrome or Fx , only IE. Others say they can log in using Fx, so it has to be just my computer.

If you are too busy, please let me know. This is very serious now & it's preventing me from working & paying bills.

Thank you


Michelle


----------



## eddie5659 (Mar 19, 2001)

I did read them, but as the majority were about the crashing of Firefox etc, I was seeing if anything was linked.

Okay, lets see if setting the swapfile higher will help.

You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure

1. Open System in Control Panel.

2. On the Advanced tab, under Performance, click Settings.

3. On the Advanced tab, under Virtual memory, click Change.

4. Untick the option *Automatically manage page file size for all drives*

5. Under Drive [Volume Label], click the drive that contains the paging file you want to change.

6. Click *Custom Size* and then in *Maximum Size*, type in *4987*

7. Select *System Managed Size* and click OK.

OK out of the screens and then restart as prompted.

Let me know how that goes.

5.


----------



## ep2002 (Oct 31, 2006)

Hi,

I thought I lost you 

Ok, those instructions must be for win 7 b/c I can't follow them at all. I tried to figure out what you were saying, but I failed as most of the tabs aren't there, there's no "change" button or customize size. I'm on XP Proff.

Also it wasn't just about Fx crashing, I mentioned that 2 sites aren't loading the CSS files (no graphics) & it's happening on both my computers.

No one is able to figure out what the problem is. www.speedtest.net also can't figure it out & has escalated it (that's one of the sites.)

I still think it's my ISP playing games as they are terrible & don't know what they are doing, someone else thinks I have a virus or it's Anti Vir since that's the only common denominator on both computers. Or it's the router all of a sudden.

It can't be Fx b/c I can't pull up the sites on all 3 browsers. The only time I can is when I use a proxy.

While Fx is running slightly better since I started a new profile, it's still not functioning 100% properly & just now on one site I couldn't type any text. I'd type it & have to wait 1-2 minutes for the site/computer to catch up with what I wrote.

We haven't scanned the computer for viruses/maleware in a while, so I was hoping we could go thru that again.

Like I said, I've been DLing a lot of TV shows. I was hoping Anti vir would catch any show that has something, but who knows. I have been defraging more now as the forum said I need to do that if I'm watching so much on my computers.

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

Hi Eddie,

I know you are very busy, but I'm having HUGE problems with Fx now. I can't get pages to load once I click on the link, the same problem I was having before where the URL doesn't show up in the address bar, when I use the google search field on the top right, it doesn't do anything & I found another site that is missing the CSS, so there's something major going on here.

If you can't help me b/c you are too busy, just let me know & I'll just find another forum to start a thread on. I have to have a virus or something b/c this is just nuts.

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

Okay, lets recheck for viruses again.

Is it just the one site its having problems with?

Do you still have MBAM installed? If not, can you install and run as follows:

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.*

-----------------

Also, can you do this. Delete any copies of OTL you have, and download a fresh one as follows:

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Okay, lets recheck for viruses again.
> 
> Is it just the one site its having problems with?


No, I thought I mentioned already that the other person was right, it was the router. Once both my computer & router were shut down at the same time (that's very rare unless the electricity goes off), it fixed those 2 sites, BUT yesterday I had tons of problems with other sites & I know it's not the router this time b/c the other 2 sites in question are now working fine <sigh>.

Same issues, CSS files won't load. Links won't open pages, URLs won't show up in the address bar, etc.

I thought it was just Fx, but then I was even having problems with Chrome on a site I am on all the time.



eddie5659 said:


> Do you still have MBAM installed? If not, can you install and run as follows:


No remember you asked me to uninstall it & I did & I remember wondering why you had me uninstall it as I didn't think my computer would be safe with it gone. Why did you tell me to uninstall it?

It found 7 objects the first time, then 2 the next. I have to reboot, but wanted to give this to you in the meantime.

2012/07/04 17:47:22 -0600	EXOTIC-3C629299	Michelle	MESSAGE	Starting protection
2012/07/04 17:47:29 -0600	EXOTIC-3C629299	Michelle	MESSAGE	Protection started successfully
2012/07/04 17:47:32 -0600	EXOTIC-3C629299	Michelle	MESSAGE	Starting IP protection
2012/07/04 17:47:38 -0600	EXOTIC-3C629299	Michelle	MESSAGE	IP Protection started successfully
2012/07/04 17:59:36 -0600	EXOTIC-3C629299	Michelle	MESSAGE	Executing scheduled update: Daily
2012/07/04 17:59:38 -0600	EXOTIC-3C629299	Michelle	MESSAGE	Database already up-to-date
2012/07/04 19:17:34 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:17:37 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:17:37 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:17:43 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:17:43 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:17:55 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:17:55 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:17:58 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)
2012/07/04 19:18:04 -0600	EXOTIC-3C629299	Michelle	IP-BLOCK	74.118.195.221 (Type: outgoing)

-----------------------------------------

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michelle :: EXOTIC-3C629299 [administrator]

Protection: Enabled

7/4/2012 5:48:04 PM
mbam-log-2012-07-04 (19-21-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 383226
Time elapsed: 1 hour(s), 33 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wze1ce\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
D:\RECYCLER\S-1-5-21-725345543-1844237615-839522115-1003\Dd22.exe (Affiliate.Downloader) -> No action taken.

(end)


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> I'm okay
> 
> Okay, you know when you're opening Firefox windows etc, are you opening a seperate one for each site? If so, that could be the main reason for crashing, as each window takes a certain amount of memory.
> 
> ...


Sorry, forgot to answer your question here.

Yes I know all about tabs, I've been using Fx for years.

I have both tons of windows & tabs opened.

Michelle


----------



## ep2002 (Oct 31, 2006)

Here's one file...

OTL logfile created on: 7/4/2012 8:39:54 PM - Run 6
OTL by OldTimer - Version 3.2.53.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 67.45% Memory free
6.09 Gb Paging File | 4.98 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 116.23 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 127.97 Gb Free Space | 89.60% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 148.21 Gb Free Space | 84.59% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 0.07 Gb Free Space | 1.91% Space Free | Partition Type: FAT32
Drive H: | 3.01 Gb Total Space | 2.94 Gb Free Space | 97.65% Space Free | Partition Type: FAT32

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/04 20:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/11/01 11:33:56 | 002,531,104 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2011/11/01 11:33:52 | 001,163,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/06/29 03:21:40 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 23:08:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 21:03:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 21:02:50 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 21:00:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 18:25:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 18:25:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 18:11:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 18:10:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 18:10:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/03/21 01:41:18 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/03/21 01:41:18 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/16 23:28:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/11/01 11:34:28 | 000,040,296 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/11/01 11:34:10 | 000,029,464 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/11/01 11:34:08 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/11/01 11:34:08 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 23:28:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 17:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
[2012/06/16 23:30:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/06/04 01:56:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/06/04 01:56:07 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:08 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/26 23:26:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\chrome
[2012/06/04 01:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\defaults
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\chrome
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\defaults
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/06/23 15:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/22 10:24:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/23 15:00:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
[2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/06/16 23:28:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2012/06/16 23:28:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/16 23:28:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_2\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.EXOTIC-3C629299\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE - ()
MsConfig - StartUpReg: *Adobe ARM* - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: *Adobe Reader Speed Launcher* - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: *ccleaner* - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: *ctfmon.exe* - hkey= - key= - File not found
MsConfig - StartUpReg: *Google Update* - hkey= - key= - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: *googletalk* - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: *H/PC Connection Agent* - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: *ICQ* - hkey= - key= - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
MsConfig - StartUpReg: *pdfFactory Dispatcher v3* - hkey= - key= - File not found
MsConfig - StartUpReg: *Personal Assistant* - hkey= - key= - C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
MsConfig - StartUpReg: *RTHDCPL* - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: *StartCCC* - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 16:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 16:35:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/04 16:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Start Menu\Programs\LastPass
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
[2012/06/26 23:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2012/06/23 14:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/06/21 03:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
[2012/06/21 03:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/06/20 22:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\Wondershare PDF to Word
[2012/06/20 22:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Wondershare
[2012/06/20 22:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2012/06/20 22:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
[2012/06/20 22:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012/06/17 22:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\My Documents\ICCPro
[2012/06/17 22:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
[2012/06/17 22:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
[2012/06/17 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Web Dimensions
[2012/06/16 00:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\.config
[2012/06/16 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2012/06/16 00:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/06/16 00:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/06/12 03:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/06/12 03:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/06/06 23:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/06/06 23:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/05 15:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\oDesk
[2012/06/05 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\oDesk

========== Files - Modified Within 30 Days ==========

[2012/07/04 20:52:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/07/04 20:32:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/07/04 20:22:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/04 20:22:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 20:18:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/04 20:01:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 16:36:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/04 16:36:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/04 07:32:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/04 03:32:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/07/03 11:33:00 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/30 21:04:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/30 18:19:37 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 23:26:11 | 010,974,280 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:26:10 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/06/20 22:15:46 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare PDF to Word.lnk
[2012/06/20 22:15:46 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wondershare PDF to Word.lnk
[2012/06/17 22:37:32 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/06/16 00:53:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/06/15 01:50:25 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 21:01:03 | 000,430,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 21:01:03 | 000,066,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 20:55:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/06 23:43:39 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2012/07/04 16:36:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/04 16:36:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 23:26:10 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/06/20 22:15:46 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare PDF to Word.lnk
[2012/06/20 22:15:46 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wondershare PDF to Word.lnk
[2012/06/17 22:37:32 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/06/16 00:53:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/06/06 23:43:39 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
[2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,040,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/02 10:12:21 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
[2008/08/03 22:38:23 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/06/01 01:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2012/04/16 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/04/22 01:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2012/06/16 00:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/08 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.infomastery.linkbounder-rmv
[2012/06/17 22:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
[2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2012/06/21 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2012/07/04 20:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Dropbox
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2012/06/21 03:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
[2012/02/28 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenOffice.org
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Softnik Technologies
[2012/03/21 02:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
[2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/06/01 03:53:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\DoxillionReminder.job
[2012/07/04 20:52:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/03/21 20:06:55 | 000,000,000 | ---D | M] -- C:\AMD
[2012/03/03 03:10:19 | 000,000,000 | ---D | M] -- C:\ATI
[2010/08/02 09:51:55 | 000,000,000 | ---D | M] -- C:\Brother
[2012/01/21 01:15:22 | 000,000,000 | ---D | M] -- C:\CASH
[2010/11/19 00:46:06 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012/01/02 14:08:15 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/06/26 03:33:13 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008/07/24 01:03:56 | 000,000,000 | ---D | M] -- C:\Corel
[2011/03/16 20:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2012/01/20 00:08:00 | 000,000,000 | ---D | M] -- C:\dostools
[2011/12/09 22:01:07 | 000,000,000 | ---D | M] -- C:\EVENTDB
[2009/01/17 17:21:41 | 000,000,000 | ---D | M] -- C:\found.000
[2011/12/10 09:38:09 | 000,000,000 | ---D | M] -- C:\found.001
[2012/02/14 14:27:40 | 000,000,000 | ---D | M] -- C:\found.002
[2010/04/29 19:15:37 | 000,000,000 | ---D | M] -- C:\Garmin
[2010/11/28 07:49:19 | 000,000,000 | ---D | M] -- C:\HP Disk
[2010/04/29 13:16:36 | 000,000,000 | ---D | M] -- C:\ICONS
[2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\INFECTED
[2010/04/29 13:17:46 | 000,000,000 | ---D | M] -- C:\INSTALL.DSK
[2012/03/21 02:46:41 | 000,000,000 | ---D | M] -- C:\Intel
[2011/12/09 04:59:04 | 000,000,000 | ---D | M] -- C:\LOGFILES
[2008/10/23 00:13:27 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008/07/24 13:38:03 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008/07/24 00:35:07 | 000,000,000 | ---D | M] -- C:\OFFICE
[2012/07/04 16:35:37 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/02/19 23:56:21 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/02/23 01:22:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\REPORTS
[2012/01/08 02:05:13 | 000,000,000 | ---D | M] -- C:\rsit
[2009/01/23 16:02:16 | 000,000,000 | ---D | M] -- C:\Samsung
[2012/07/04 20:35:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Temp
[2012/02/19 23:56:22 | 000,000,000 | ---D | M] -- C:\Username123
[2012/03/12 23:39:53 | 000,000,000 | ---D | M] -- C:\vWorker
[2012/06/22 22:57:29 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2011/11/18 22:14:19 | 001,435,136 | ---- | M] () -- C:\WINDOWS\Installer\107c1596.msi
[2009/11/08 22:25:26 | 001,935,360 | R--- | M] () -- C:\WINDOWS\Installer\10bbab.msp
[2010/03/30 23:23:04 | 015,638,528 | R--- | M] () -- C:\WINDOWS\Installer\10bbb9.msp
[2009/01/14 14:43:58 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\10de3e8e.msp
[2012/04/15 13:28:54 | 000,203,776 | ---- | M] () -- C:\WINDOWS\Installer\11a6a0a8.msi
[2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f8.mst
[2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f9.mst
[2008/07/24 00:54:02 | 007,516,672 | ---- | M] () -- C:\WINDOWS\Installer\1251fd.msi
[2008/07/24 00:55:09 | 000,956,928 | ---- | M] () -- C:\WINDOWS\Installer\12520e.msi
[2008/07/24 00:55:26 | 000,903,680 | ---- | M] () -- C:\WINDOWS\Installer\125218.msi
[2008/07/24 00:55:44 | 016,722,944 | ---- | M] () -- C:\WINDOWS\Installer\125222.msi
[2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125224.mst
[2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125225.mst
[2008/07/24 00:55:53 | 006,558,208 | ---- | M] () -- C:\WINDOWS\Installer\125229.msi
[2008/07/24 08:24:30 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\12d8435.msi
[2012/06/12 03:46:23 | 000,039,424 | ---- | M] () -- C:\WINDOWS\Installer\13db314.msi
[2012/06/12 03:46:26 | 020,343,808 | R--- | M] () -- C:\WINDOWS\Installer\13db31c.msp
[2011/12/26 09:59:58 | 004,368,896 | R--- | M] () -- C:\WINDOWS\Installer\14e9f811.msp
[2011/12/25 05:40:46 | 000,819,200 | R--- | M] () -- C:\WINDOWS\Installer\14e9f81a.msp
[2008/06/04 11:29:48 | 016,905,728 | R--- | M] () -- C:\WINDOWS\Installer\14ef95ea.msp
[2008/07/30 06:50:56 | 012,506,112 | R--- | M] () -- C:\WINDOWS\Installer\14ef9601.msp
[2008/12/08 16:31:30 | 000,432,640 | ---- | M] () -- C:\WINDOWS\Installer\14fb364d.msi
[2008/10/17 08:03:18 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\14fb3663.msp
[2008/10/25 08:15:10 | 006,227,456 | R--- | M] () -- C:\WINDOWS\Installer\14fb367a.msp
[2008/09/24 11:05:44 | 016,381,440 | R--- | M] () -- C:\WINDOWS\Installer\14fb3683.msp
[2012/04/17 12:11:06 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1559b006.msp
[2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\1559b010.msp
[2012/04/27 15:09:22 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1559b027.msp
[2012/03/19 22:02:30 | 006,695,936 | R--- | M] () -- C:\WINDOWS\Installer\1559b03e.msp
[2012/04/09 16:50:24 | 006,829,568 | R--- | M] () -- C:\WINDOWS\Installer\1559b055.msp
[2012/04/06 03:13:32 | 016,527,872 | R--- | M] () -- C:\WINDOWS\Installer\1559b063.msp
[2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\1559b06d.msp
[2012/01/04 02:25:14 | 017,751,552 | R--- | M] () -- C:\WINDOWS\Installer\1559b07c.msp
[2011/12/22 16:50:54 | 000,256,000 | R--- | M] () -- C:\WINDOWS\Installer\1559b085.msp
[2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\1559b08f.msp
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\WINDOWS\Installer\1657c717.msp
[2011/11/17 10:55:20 | 005,522,944 | ---- | M] () -- C:\WINDOWS\Installer\1657c719.msp
[2011/01/17 15:06:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\171b66fa.msp
[2007/11/08 09:42:36 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\173cd7.msp
[2008/01/14 13:24:52 | 010,721,280 | R--- | M] () -- C:\WINDOWS\Installer\173ced.msp
[2008/01/14 14:53:34 | 005,213,696 | R--- | M] () -- C:\WINDOWS\Installer\173d03.msp
[2008/04/14 12:26:46 | 011,888,128 | R--- | M] () -- C:\WINDOWS\Installer\173d1a.msp
[2008/01/31 08:30:52 | 009,947,648 | R--- | M] () -- C:\WINDOWS\Installer\173d38.msp
[2008/02/29 20:09:58 | 016,907,776 | R--- | M] () -- C:\WINDOWS\Installer\173d4f.msp
[2008/04/01 12:33:20 | 005,479,936 | R--- | M] () -- C:\WINDOWS\Installer\173d69.msp
[2008/03/17 10:48:50 | 011,813,888 | R--- | M] () -- C:\WINDOWS\Installer\173d80.msp
[2008/06/11 13:05:06 | 009,994,240 | R--- | M] () -- C:\WINDOWS\Installer\173d9b.msp
[2010/01/27 16:53:46 | 006,820,864 | R--- | M] () -- C:\WINDOWS\Installer\187d0a98.msp
[2010/02/21 00:00:02 | 008,480,768 | R--- | M] () -- C:\WINDOWS\Installer\187d0aa2.msp
[2012/01/13 01:42:45 | 003,947,520 | ---- | M] () -- C:\WINDOWS\Installer\19ef7e82.msi
[2011/10/04 14:41:42 | 001,317,376 | ---- | M] () -- C:\WINDOWS\Installer\1b0af846.msi
[2011/04/13 22:54:31 | 000,218,624 | ---- | M] () -- C:\WINDOWS\Installer\1b116437.msi
[2011/04/13 22:55:26 | 006,465,536 | ---- | M] () -- C:\WINDOWS\Installer\1b11643c.msi
[2011/04/13 23:12:55 | 026,428,928 | ---- | M] () -- C:\WINDOWS\Installer\1b212f4f.msi
[2011/04/13 23:13:42 | 001,100,288 | ---- | M] () -- C:\WINDOWS\Installer\1b212f57.msi
[2011/04/13 23:13:46 | 000,294,912 | ---- | M] () -- C:\WINDOWS\Installer\1b212f5f.msi
[2011/04/13 23:13:49 | 000,288,768 | ---- | M] () -- C:\WINDOWS\Installer\1b212f66.msi
[2011/04/13 23:13:50 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Installer\1b212f6d.msi
[2011/04/13 23:13:55 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f74.msi
[2011/04/13 23:13:59 | 000,357,376 | ---- | M] () -- C:\WINDOWS\Installer\1b212f7b.msi
[2011/04/13 23:14:03 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f82.msi
[2011/04/13 23:14:29 | 000,548,352 | ---- | M] () -- C:\WINDOWS\Installer\1b212f89.msi
[2011/04/13 23:14:38 | 000,475,136 | ---- | M] () -- C:\WINDOWS\Installer\1b212f90.msi
[2011/04/13 23:14:40 | 000,181,248 | ---- | M] () -- C:\WINDOWS\Installer\1b212f97.msi
[2011/04/13 23:14:41 | 000,180,736 | ---- | M] () -- C:\WINDOWS\Installer\1b212f9e.msi
[2011/04/13 23:14:42 | 000,186,368 | ---- | M] () -- C:\WINDOWS\Installer\1b212fa5.msi
[2011/04/13 23:14:44 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\1b212fad.msi
[2011/04/13 23:14:51 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\1b212fb5.msi
[2011/04/13 23:14:53 | 000,370,688 | ---- | M] () -- C:\WINDOWS\Installer\1b212fbc.msi
[2011/04/13 23:14:56 | 000,295,936 | ---- | M] () -- C:\WINDOWS\Installer\1b212fc3.msi
[2011/04/13 23:14:58 | 002,035,200 | ---- | M] () -- C:\WINDOWS\Installer\1b212fca.msi
[2011/04/13 23:16:34 | 001,515,008 | ---- | M] () -- C:\WINDOWS\Installer\1b212fd2.msi
[2010/03/22 14:03:14 | 011,732,992 | R--- | M] () -- C:\WINDOWS\Installer\1b53d496.msp
[2010/03/11 10:03:40 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4ad.msp
[2010/03/11 19:16:30 | 004,148,224 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4c4.msp
[2012/02/28 00:51:53 | 000,677,376 | ---- | M] () -- C:\WINDOWS\Installer\1b9aaddc.msi
[2011/10/27 04:49:16 | 000,160,768 | ---- | M] () -- C:\WINDOWS\Installer\1c5d6f.msi
[2009/05/12 11:01:38 | 006,818,816 | R--- | M] () -- C:\WINDOWS\Installer\1c93e0.msp
[2009/04/04 05:35:30 | 038,325,760 | R--- | M] () -- C:\WINDOWS\Installer\1c9409.msp
[2009/05/28 10:32:54 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\1c9420.msp
[2009/04/23 15:57:12 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\1c9437.msp
[2009/04/24 10:30:16 | 002,583,552 | R--- | M] () -- C:\WINDOWS\Installer\1c9443.msp
[2009/05/04 05:46:14 | 008,299,008 | R--- | M] () -- C:\WINDOWS\Installer\1c944e.msp
[2012/04/04 05:17:36 | 016,613,376 | ---- | M] () -- C:\WINDOWS\Installer\1dab47ba.msp
[2012/04/17 22:08:50 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\1dd1d204.msi
[2010/08/24 07:49:22 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\1e7aff.msp
[2010/10/04 14:32:10 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\1e7b16.msp
[2010/08/23 15:09:02 | 007,673,344 | R--- | M] () -- C:\WINDOWS\Installer\1e7b2d.msp
[2009/10/22 11:28:50 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5936.msp
[2009/10/06 17:40:46 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1f8e594d.msp
[2009/08/18 11:58:56 | 008,301,056 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5957.msp
[2009/10/22 11:46:32 | 006,821,888 | R--- | M] () -- C:\WINDOWS\Installer\1f8e596e.msp
[2011/10/07 23:06:42 | 000,022,528 | ---- | M] () -- C:\WINDOWS\Installer\1f93262.msi
[2012/03/20 23:57:14 | 006,188,544 | R--- | M] () -- C:\WINDOWS\Installer\1fde943.msp
[2012/04/21 21:55:38 | 000,980,480 | R--- | M] () -- C:\WINDOWS\Installer\1fde94c.msp
[2012/06/26 03:33:12 | 000,348,160 | ---- | M] () -- C:\WINDOWS\Installer\200340f5.msi
[2010/11/26 23:57:53 | 000,454,656 | ---- | M] () -- C:\WINDOWS\Installer\2108b86.msi
[2011/06/28 20:27:28 | 004,028,928 | R--- | M] () -- C:\WINDOWS\Installer\212ded.msp
[2002/12/20 11:03:32 | 001,247,232 | ---- | M] () -- C:\WINDOWS\Installer\214066.msi
[2008/07/24 01:20:06 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140a3.msi
[2008/07/24 01:20:07 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140aa.msi
[2008/07/24 01:20:09 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140b1.msi
[2008/07/24 01:20:30 | 000,121,344 | ---- | M] () -- C:\WINDOWS\Installer\2140e4.msi
[2008/07/24 01:20:32 | 000,274,432 | ---- | M] () -- C:\WINDOWS\Installer\2140f0.msi
[2008/07/24 01:20:57 | 000,985,600 | ---- | M] () -- C:\WINDOWS\Installer\214134.msi
[2008/07/24 01:28:43 | 001,533,440 | ---- | M] () -- C:\WINDOWS\Installer\214155.msi
[2011/09/15 17:37:32 | 038,176,256 | R--- | M] () -- C:\WINDOWS\Installer\2183a2.msp
[2009/07/08 21:10:04 | 001,659,392 | ---- | M] () -- C:\WINDOWS\Installer\22388d37.msi
[2009/08/25 12:57:34 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\231086dd.msp
[2011/09/20 14:36:20 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\235a8d9c.msp
[2011/07/11 19:43:20 | 011,641,344 | R--- | M] () -- C:\WINDOWS\Installer\235a8da8.msp
[2012/03/21 20:08:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\Installer\23cb6a.msi
[2012/03/21 20:08:14 | 001,720,832 | ---- | M] () -- C:\WINDOWS\Installer\23cb72.msi
[2012/03/21 20:12:05 | 000,356,352 | ---- | M] () -- C:\WINDOWS\Installer\23cc9b.msi
[2012/03/21 20:12:07 | 000,265,728 | ---- | M] () -- C:\WINDOWS\Installer\23cca2.msi
[2012/03/21 20:12:08 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccaa.msi
[2012/03/21 20:12:10 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb1.msi
[2012/03/21 20:12:11 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb8.msi
[2012/03/21 20:12:12 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccbf.msi
[2012/03/21 20:12:14 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccc6.msi
[2012/03/21 20:12:15 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cccd.msi
[2012/03/21 20:12:17 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccd4.msi
[2012/03/21 20:12:18 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccdb.msi
[2012/03/21 20:12:19 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cce2.msi
[2012/03/21 20:12:21 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cce9.msi
[2012/03/21 20:12:22 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf0.msi
[2012/03/21 20:12:24 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf7.msi
[2012/03/21 20:12:25 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccfe.msi
[2012/03/21 20:12:26 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd05.msi
[2012/03/21 20:12:28 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd0c.msi
[2012/03/21 20:12:29 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23cd13.msi
[2012/03/21 20:12:30 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd1a.msi
[2012/03/21 20:12:31 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd21.msi
[2012/03/21 20:12:33 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd28.msi
[2012/03/21 20:12:34 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd2f.msi
[2012/03/21 20:12:35 | 000,249,344 | ---- | M] () -- C:\WINDOWS\Installer\23cd36.msi
[2012/03/21 20:12:37 | 000,251,904 | ---- | M] () -- C:\WINDOWS\Installer\23cd3d.msi
[2012/03/21 20:12:41 | 000,418,304 | ---- | M] () -- C:\WINDOWS\Installer\23cd44.msi
[2012/03/21 20:12:42 | 000,232,960 | ---- | M] () -- C:\WINDOWS\Installer\23cd4b.msi
[2012/03/21 20:12:59 | 001,136,128 | ---- | M] () -- C:\WINDOWS\Installer\23cd53.msi
[2009/07/01 11:21:28 | 008,891,904 | R--- | M] () -- C:\WINDOWS\Installer\24a1a268.msp
[2009/07/01 11:19:52 | 010,607,104 | R--- | M] () -- C:\WINDOWS\Installer\24a1a269.msp
[2009/08/05 00:11:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\24a1a280.msp
[2009/06/30 09:30:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\24d1dd6e.msp
[2009/05/21 20:04:59 | 000,301,056 | ---- | M] () -- C:\WINDOWS\Installer\253c0d99.msi
[2009/05/21 20:05:10 | 000,107,008 | ---- | M] () -- C:\WINDOWS\Installer\253c0da0.msi
[2009/05/21 20:05:23 | 000,059,904 | ---- | M] () -- C:\WINDOWS\Installer\253c0da7.msi
[2009/05/21 20:05:31 | 000,083,456 | ---- | M] () -- C:\WINDOWS\Installer\253c0dae.msi
[2009/05/21 20:06:23 | 000,152,576 | ---- | M] () -- C:\WINDOWS\Installer\253c0db5.msi
[2009/05/21 20:06:32 | 000,202,752 | ---- | M] () -- C:\WINDOWS\Installer\253c0dbc.msi
[2009/05/21 20:06:40 | 000,140,288 | ---- | M] () -- C:\WINDOWS\Installer\253c0dc4.msi
[2009/05/21 20:06:44 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\253c0dcb.msi
[2009/05/21 20:06:49 | 000,025,088 | ---- | M] () -- C:\WINDOWS\Installer\253c0dd7.msi
[2009/05/21 20:57:45 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\253c0df7.msi
[2009/12/01 15:41:08 | 000,429,568 | ---- | M] () -- C:\WINDOWS\Installer\28e45.msi
[2008/11/05 21:18:51 | 000,355,328 | ---- | M] () -- C:\WINDOWS\Installer\2bb9aa36.msi
[2010/09/23 05:39:44 | 004,265,472 | R--- | M] () -- C:\WINDOWS\Installer\2c65945b.msp
[2010/09/23 19:02:28 | 000,798,208 | R--- | M] () -- C:\WINDOWS\Installer\2c659464.msp
[2012/01/15 04:27:20 | 000,430,592 | ---- | M] () -- C:\WINDOWS\Installer\2cc9d85.msi
[2011/11/17 10:55:20 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\2e0c146.msp
[2011/10/31 12:37:46 | 004,146,688 | R--- | M] () -- C:\WINDOWS\Installer\2e0c15e.msp
[2011/10/29 23:10:18 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\2e0c175.msp
[2011/11/01 13:34:30 | 001,552,384 | R--- | M] () -- C:\WINDOWS\Installer\2e0c17f.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\WINDOWS\Installer\2fabd.msp
[2010/04/21 15:46:50 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\30788.msp
[2009/10/16 16:07:18 | 006,115,328 | R--- | M] () -- C:\WINDOWS\Installer\3079f.msp
[2009/04/06 15:00:42 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\30f1a.msp
[2008/07/23 20:37:12 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\317a6.msi
[2009/09/21 14:53:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\32dbce93.msp
[2009/09/29 07:08:12 | 006,747,648 | R--- | M] () -- C:\WINDOWS\Installer\32dbceaa.msp
[2009/07/27 02:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\32dbceb4.msp
[2009/08/20 03:02:38 | 005,204,992 | R--- | M] () -- C:\WINDOWS\Installer\32dbcecb.msp
[2009/08/21 08:14:20 | 008,363,008 | R--- | M] () -- C:\WINDOWS\Installer\32dbcee8.msp
[2010/02/26 17:50:15 | 000,763,392 | ---- | M] () -- C:\WINDOWS\Installer\338312d.msi
[2011/05/23 13:15:48 | 003,617,792 | R--- | M] () -- C:\WINDOWS\Installer\34a4ce08.msp
[2009/06/08 21:31:49 | 000,912,384 | ---- | M] () -- C:\WINDOWS\Installer\34eff27c.msi
[2012/03/05 21:34:06 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\38e3d.msp
[2010/02/03 18:06:50 | 001,205,760 | ---- | M] () -- C:\WINDOWS\Installer\3df54d1d.msi
[2010/01/11 01:46:39 | 000,088,576 | ---- | M] () -- C:\WINDOWS\Installer\3e280242.msi
[2008/07/29 18:31:05 | 006,083,072 | R--- | M] () -- C:\WINDOWS\Installer\3e280243.msp
[2008/07/29 18:37:10 | 000,911,360 | R--- | M] () -- C:\WINDOWS\Installer\3e280244.msp
[2008/07/29 18:33:06 | 000,506,368 | R--- | M] () -- C:\WINDOWS\Installer\3e280245.msp
[2008/07/29 18:43:20 | 001,013,248 | R--- | M] () -- C:\WINDOWS\Installer\3e280246.msp
[2008/07/29 18:35:08 | 000,553,472 | R--- | M] () -- C:\WINDOWS\Installer\3e280247.msp
[2008/07/29 18:39:12 | 003,403,264 | R--- | M] () -- C:\WINDOWS\Installer\3e280248.msp
[2008/07/29 18:41:15 | 006,487,040 | R--- | M] () -- C:\WINDOWS\Installer\3e280249.msp
[2008/07/29 18:29:02 | 002,926,080 | R--- | M] () -- C:\WINDOWS\Installer\3e28024a.msp
[2008/07/29 18:45:26 | 002,543,616 | R--- | M] () -- C:\WINDOWS\Installer\3e28024b.msp
[2010/01/11 01:48:22 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Installer\3e2ac045.msi
[2008/07/29 22:07:18 | 000,023,040 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac046.msp
[2008/07/29 20:18:47 | 003,376,640 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac047.msp
[2008/07/29 21:22:41 | 004,137,984 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac048.msp
[2008/07/29 20:34:27 | 001,448,448 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac049.msp
[2008/07/29 22:15:12 | 003,697,664 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04a.msp
[2008/07/29 20:40:37 | 000,291,840 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04b.msp
[2008/07/29 21:37:55 | 002,679,808 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04c.msp
[2008/07/29 22:28:09 | 000,278,016 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04d.msp
[2008/07/29 20:26:24 | 001,043,456 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04e.msp
[2008/07/29 22:23:11 | 000,250,880 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04f.msp
[2010/01/11 01:49:37 | 000,648,192 | ---- | M] () -- C:\WINDOWS\Installer\3e2c48a2.msi
[2010/09/24 00:25:13 | 005,241,344 | ---- | M] () -- C:\WINDOWS\Installer\3f3e1071.msi
[2010/09/24 01:12:02 | 003,969,024 | ---- | M] () -- C:\WINDOWS\Installer\3f6850ab.msi
[2012/04/06 02:12:34 | 015,709,696 | R--- | M] () -- C:\WINDOWS\Installer\4041a.msp
[2009/11/17 12:58:25 | 000,087,040 | ---- | M] () -- C:\WINDOWS\Installer\41f6646.msi
[2009/11/17 12:58:27 | 000,087,552 | ---- | M] () -- C:\WINDOWS\Installer\41f664d.msi
[2008/07/24 01:47:17 | 000,020,992 | ---- | M] () -- C:\WINDOWS\Installer\43c29f.msi
[2008/10/20 09:18:14 | 006,474,240 | R--- | M] () -- C:\WINDOWS\Installer\43c52.msp
[2008/10/22 21:48:56 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\43c69.msp
[2008/10/22 21:43:52 | 006,820,352 | R--- | M] () -- C:\WINDOWS\Installer\43c80.msp
[2008/10/20 09:22:54 | 011,758,592 | R--- | M] () -- C:\WINDOWS\Installer\43c8a.msp
[2008/07/01 07:25:56 | 011,814,912 | R--- | M] () -- C:\WINDOWS\Installer\4520220b.msp
[2008/07/28 12:59:08 | 000,180,736 | R--- | M] () -- C:\WINDOWS\Installer\45202221.msp
[2008/06/11 12:02:44 | 000,830,464 | R--- | M] () -- C:\WINDOWS\Installer\45202237.msp
[2008/07/08 09:27:36 | 008,436,736 | R--- | M] () -- C:\WINDOWS\Installer\4520224e.msp
[2008/07/16 08:39:56 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\45202265.msp
[2008/07/08 08:09:30 | 011,887,616 | R--- | M] () -- C:\WINDOWS\Installer\4520227c.msp
[2011/08/17 10:13:19 | 000,019,968 | ---- | M] () -- C:\WINDOWS\Installer\45bd00cc.msi
[2009/03/20 10:48:56 | 000,183,808 | R--- | M] () -- C:\WINDOWS\Installer\4653d0d8.msp
[2008/12/13 08:57:24 | 008,397,824 | R--- | M] () -- C:\WINDOWS\Installer\4653d0e9.msp
[2008/12/13 09:21:36 | 010,473,472 | R--- | M] () -- C:\WINDOWS\Installer\4653d0f5.msp
[2008/12/13 08:58:22 | 000,754,688 | R--- | M] () -- C:\WINDOWS\Installer\4653d102.msp
[2009/08/14 19:32:40 | 011,110,912 | R--- | M] () -- C:\WINDOWS\Installer\4653d10d.msp
[2010/08/25 15:06:30 | 006,479,360 | R--- | M] () -- C:\WINDOWS\Installer\487d4853.msp
[2010/08/20 11:50:16 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\487d486a.msp
[2010/08/05 08:57:58 | 004,066,304 | R--- | M] () -- C:\WINDOWS\Installer\487d488f.msp
[2009/04/24 10:31:18 | 001,425,920 | R--- | M] () -- C:\WINDOWS\Installer\49cc3.msp
[2009/05/01 13:49:44 | 004,328,960 | R--- | M] () -- C:\WINDOWS\Installer\49cdb.msp
[2012/06/16 00:53:12 | 000,815,616 | ---- | M] () -- C:\WINDOWS\Installer\4f13a44.msi
[2009/08/05 23:42:25 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75d4.msi
[2009/08/05 23:42:32 | 000,195,584 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75db.msi
[2010/06/30 20:52:28 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\50d2c.msp
[2010/06/11 15:55:00 | 001,827,328 | R--- | M] () -- C:\WINDOWS\Installer\50d44.msp
[2010/06/11 15:52:10 | 045,542,912 | R--- | M] () -- C:\WINDOWS\Installer\50d45.msp
[2010/05/25 09:45:58 | 008,445,440 | R--- | M] () -- C:\WINDOWS\Installer\50d5d.msp
[2012/06/05 14:50:57 | 000,900,096 | ---- | M] () -- C:\WINDOWS\Installer\516bec9.msi
[2008/11/05 13:25:16 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\51d58.msp
[2012/06/20 22:16:16 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\5215c0e.msi
[2009/07/22 15:22:05 | 001,091,584 | ---- | M] () -- C:\WINDOWS\Installer\58c467a.msi
[2009/07/22 15:22:07 | 000,084,480 | ---- | M] () -- C:\WINDOWS\Installer\58c4681.msi
[2008/12/12 10:09:40 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\5bc17de.msp
[2009/03/05 13:40:52 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\5bf94773.msp
[2009/02/25 17:07:14 | 011,646,464 | R--- | M] () -- C:\WINDOWS\Installer\5bf9477d.msp
[2010/03/28 12:38:02 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\5da72f.msi
[2011/01/11 15:50:38 | 008,177,152 | R--- | M] () -- C:\WINDOWS\Installer\624977a9.msp
[2011/03/03 09:25:14 | 005,051,904 | R--- | M] () -- C:\WINDOWS\Installer\624977c0.msp
[2011/03/17 18:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\624977ca.msp
[2010/11/20 21:34:34 | 001,198,080 | R--- | M] () -- C:\WINDOWS\Installer\624977d4.msp
[2011/02/11 18:47:00 | 012,028,928 | R--- | M] () -- C:\WINDOWS\Installer\624977e1.msp
[2011/04/05 10:52:16 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\624977f8.msp
[2011/02/24 07:38:52 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\6249780f.msp
[2011/01/27 12:49:14 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\62497826.msp
[2010/07/10 18:14:14 | 002,850,816 | R--- | M] () -- C:\WINDOWS\Installer\6361e.msp
[2008/07/24 02:42:00 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\6362e.msi
[2010/07/26 15:02:46 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\63635.msp
[2010/05/19 11:08:52 | 011,408,896 | R--- | M] () -- C:\WINDOWS\Installer\63641.msp
[2010/06/28 20:53:16 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\63658.msp
[2010/06/28 14:01:18 | 007,677,952 | R--- | M] () -- C:\WINDOWS\Installer\6366f.msp
[2009/11/20 14:00:24 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\642cceb3.msp
[2009/09/09 14:40:48 | 000,632,320 | R--- | M] () -- C:\WINDOWS\Installer\642cceca.msp
[2009/12/16 21:58:22 | 005,382,144 | R--- | M] () -- C:\WINDOWS\Installer\642ccee4.msp
[2011/07/27 06:39:50 | 009,892,352 | R--- | M] () -- C:\WINDOWS\Installer\64e51e6.msp
[2011/09/06 20:48:02 | 008,181,248 | R--- | M] () -- C:\WINDOWS\Installer\64e51f0.msp
[2011/07/21 11:34:34 | 003,456,000 | R--- | M] () -- C:\WINDOWS\Installer\64e51fd.msp
[2011/08/16 11:35:02 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\64e5213.msp
[2011/07/26 07:17:10 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\64e522a.msp
[2011/07/26 15:33:48 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\64e5241.msp
[2011/08/10 16:43:30 | 003,795,968 | R--- | M] () -- C:\WINDOWS\Installer\64e524b.msp
[2011/04/29 11:30:12 | 001,197,056 | R--- | M] () -- C:\WINDOWS\Installer\65584a30.msp
[2011/06/16 10:48:15 | 000,467,456 | ---- | M] () -- C:\WINDOWS\Installer\65584a43.msi
[2011/04/29 12:04:54 | 005,053,440 | R--- | M] () -- C:\WINDOWS\Installer\65584a59.msp
[2011/04/29 11:33:30 | 008,173,568 | R--- | M] () -- C:\WINDOWS\Installer\65584a63.msp
[2011/05/17 17:28:52 | 006,862,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a7a.msp
[2011/05/20 16:31:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a91.msp
[2011/04/27 18:51:18 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\65584aa8.msp
[2011/06/16 10:54:14 | 000,223,744 | ---- | M] () -- C:\WINDOWS\Installer\65584ab1.msi
[2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\65584aba.msp
[2010/03/30 10:34:48 | 003,826,688 | R--- | M] () -- C:\WINDOWS\Installer\66e22.msp
[2010/05/03 14:06:36 | 005,053,952 | R--- | M] () -- C:\WINDOWS\Installer\66e39.msp
[2010/04/24 15:10:46 | 008,486,400 | R--- | M] () -- C:\WINDOWS\Installer\66e43.msp
[2010/02/24 22:14:38 | 000,543,232 | R--- | M] () -- C:\WINDOWS\Installer\66e52.msp
[2010/04/11 20:17:10 | 004,210,688 | R--- | M] () -- C:\WINDOWS\Installer\66e5f.msp
[2010/04/11 20:17:08 | 002,607,104 | R--- | M] () -- C:\WINDOWS\Installer\66e60.msp
[2010/04/11 20:17:12 | 014,599,680 | R--- | M] () -- C:\WINDOWS\Installer\66e70.msp
[2010/05/10 15:17:22 | 005,520,896 | R--- | M] () -- C:\WINDOWS\Installer\66e87.msp
[2010/05/04 20:25:30 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\66e9e.msp
[2010/05/03 14:11:42 | 004,149,760 | R--- | M] () -- C:\WINDOWS\Installer\66eb5.msp
[2010/04/24 15:09:46 | 011,750,912 | R--- | M] () -- C:\WINDOWS\Installer\66ebf.msp
[2010/05/03 14:27:52 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\66ed6.msp
[2010/05/11 09:30:58 | 011,194,880 | R--- | M] () -- C:\WINDOWS\Installer\66eed.msp
[2009/05/10 17:01:12 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\6dfbd.msi
[2010/01/19 17:29:16 | 005,050,368 | R--- | M] () -- C:\WINDOWS\Installer\72a0146.msp
[2010/01/19 16:51:12 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\72a015d.msp
[2007/07/21 12:26:34 | 007,574,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1806.msp
[2008/04/18 13:56:18 | 006,215,680 | R--- | M] () -- C:\WINDOWS\Installer\732b1811.msp
[2007/10/14 22:33:24 | 026,646,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1827.msp
[2008/07/29 22:20:14 | 011,767,296 | R--- | M] () -- C:\WINDOWS\Installer\732b1831.msp
[2008/08/11 10:49:32 | 022,457,344 | R--- | M] () -- C:\WINDOWS\Installer\732b183b.msp
[2008/06/19 17:28:04 | 001,573,376 | R--- | M] () -- C:\WINDOWS\Installer\732b1846.msp
[2008/08/11 10:51:14 | 015,916,544 | R--- | M] () -- C:\WINDOWS\Installer\732b1850.msp
[2008/08/13 13:49:34 | 011,816,960 | R--- | M] () -- C:\WINDOWS\Installer\732b1867.msp
[2007/07/27 07:03:06 | 119,977,472 | R--- | M] () -- C:\WINDOWS\Installer\766131.msp
[2008/08/03 17:42:07 | 000,470,528 | ---- | M] () -- C:\WINDOWS\Installer\766139.msi
[2008/06/10 12:09:22 | 005,517,312 | R--- | M] () -- C:\WINDOWS\Installer\766150.msp
[2005/10/26 12:59:54 | 002,883,072 | R--- | M] () -- C:\WINDOWS\Installer\766167.msp
[2012/01/25 14:55:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\79d6c.msp
[2011/10/30 22:54:38 | 002,748,416 | R--- | M] () -- C:\WINDOWS\Installer\79d75.msp
[2008/07/23 22:52:25 | 005,922,816 | ---- | M] () -- C:\WINDOWS\Installer\7e0c8b.msi
[2009/12/11 09:29:56 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\7eb2e.msp
[2011/12/06 15:22:40 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\858ed0f.msp
[2009/08/12 11:38:16 | 000,637,952 | ---- | M] () -- C:\WINDOWS\Installer\9473cab.msi
[2009/08/12 12:31:34 | 000,799,232 | ---- | M] () -- C:\WINDOWS\Installer\977f5fc.msi
[2009/08/12 12:35:45 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\977f60c.msi
[2012/02/02 23:56:22 | 000,963,584 | R--- | M] () -- C:\WINDOWS\Installer\9c203.msp
[2012/03/28 18:10:04 | 012,098,048 | R--- | M] () -- C:\WINDOWS\Installer\9c21a.msp
[2012/03/22 13:09:58 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\9c231.msp
[2011/07/26 12:50:18 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\a09b9.msp
[2011/05/01 23:06:16 | 002,705,920 | R--- | M] () -- C:\WINDOWS\Installer\a09c2.msp
[2009/02/11 13:02:00 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\a83efb3.msp
[2010/07/25 20:02:03 | 001,094,656 | ---- | M] () -- C:\WINDOWS\Installer\afd4fc8.msi
[2011/02/22 09:32:12 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\b4687ec.msp
[2010/10/01 20:53:12 | 004,147,712 | R--- | M] () -- C:\WINDOWS\Installer\b89d6a5.msp
[2010/12/06 14:02:34 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\b89d6bc.msp
[2010/11/12 10:08:30 | 000,889,344 | R--- | M] () -- C:\WINDOWS\Installer\b89d6d7.msp
[2010/10/22 14:45:16 | 008,444,928 | R--- | M] () -- C:\WINDOWS\Installer\b89d6ef.msp
[2011/11/03 13:31:36 | 005,525,504 | R--- | M] () -- C:\WINDOWS\Installer\babef.msp
[2011/04/08 20:17:28 | 000,004,608 | ---- | M] () -- C:\WINDOWS\Installer\c1a34e.msi
[2012/06/06 23:43:46 | 009,474,048 | ---- | M] () -- C:\WINDOWS\Installer\c2675e5.msi
[2012/06/06 23:46:57 | 001,530,368 | ---- | M] () -- C:\WINDOWS\Installer\c26761f.msi
[2012/04/08 17:50:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Installer\caebb2b.msi
[2012/04/08 18:08:38 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\cbeed20.msi
[2012/06/22 10:25:11 | 001,259,008 | ---- | M] () -- C:\WINDOWS\Installer\ce17078.msi
[2012/04/08 20:33:27 | 002,991,104 | ---- | M] () -- C:\WINDOWS\Installer\d40c8f0.msi
[2012/06/17 15:44:57 | 001,648,128 | ---- | M] () -- C:\WINDOWS\Installer\d47b521.msi
[2010/04/29 19:20:37 | 001,571,840 | ---- | M] () -- C:\WINDOWS\Installer\d5a53e.msi
[2012/03/21 02:43:38 | 000,031,744 | ---- | M] () -- C:\WINDOWS\Installer\d66cf.msi
[2012/03/25 04:56:30 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\d9e821a.msi
[2010/10/22 12:25:02 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\e356b0.msp
[2010/10/01 16:42:36 | 005,054,464 | R--- | M] () -- C:\WINDOWS\Installer\e356c7.msp
[2010/10/14 15:57:14 | 011,189,248 | R--- | M] () -- C:\WINDOWS\Installer\e356de.msp
[2010/09/17 05:04:16 | 009,401,856 | R--- | M] () -- C:\WINDOWS\Installer\e356e8.msp
[2012/06/17 22:37:32 | 000,055,296 | ---- | M] () -- C:\WINDOWS\Installer\ec28ea1.msi
[2011/12/08 19:39:53 | 000,493,056 | ---- | M] () -- C:\WINDOWS\Installer\f40771a.msi
[2012/03/27 09:47:55 | 004,959,232 | R--- | M] () -- C:\WINDOWS\Installer\f47ef79.msp
[2011/01/18 22:36:00 | 002,687,488 | R--- | M] () -- C:\WINDOWS\Installer\f767c67.msp
[2011/03/28 02:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\f767c75.msp
[2009/07/08 21:08:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{8355F970-601D-442D-A79B-1D7DB4F24CAD}.SchedServiceConfig.rmi
[2010/01/22 16:33:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi
[2009/07/20 16:22:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}.SchedServiceConfig.rmi
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe
[2006/02/28 06:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: EXOTIC-3C629299
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B 
Volume 1 C NTFS Partition 148 GB Healthy System 
Volume 2 D NTFS Partition 143 GB Healthy 
Volume 3 E NTFS Partition 175 GB Healthy 
Volume 4 G KINGSTON FAT32 Removeable 3741 MB 
Volume 5 H Kindle FAT32 Removeable 3090 MB

< End of report >


----------



## ep2002 (Oct 31, 2006)

I can't find the extras.txt file. I've looked everywhere & even tried to search for it under C & nothing


----------



## ep2002 (Oct 31, 2006)

I ran MBAM again & got 5 more errors.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michelle :: EXOTIC-3C629299 [administrator]

Protection: Enabled

7/4/2012 11:00:35 PM
mbam-log-2012-07-05 (00-45-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 382759
Time elapsed: 1 hour(s), 44 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\Documents and Settings\Michelle\Local Settings\Temp\wze1ce\u1104.exe (PUP.UltraSurf) -> No action taken.
C:\System Volume Information\_restore{7FE4316E-3B27-4BF1-A257-4FC0B36D0872}\RP1434\A0301669.exe (PUP.BundleInstaller.Somoto) -> No action taken.

(end)


----------



## eddie5659 (Mar 19, 2001)

> 2012/07/04 17:47:22 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting protection
> 2012/07/04 17:47:29 -0600 EXOTIC-3C629299 Michelle MESSAGE Protection started successfully
> 2012/07/04 17:47:32 -0600 EXOTIC-3C629299 Michelle MESSAGE Starting IP protection
> 2012/07/04 17:47:38 -0600 EXOTIC-3C629299 Michelle MESSAGE IP Protection started successfully
> ...


Okay, now the above is going to a US IP address, whereas your IP is Panama. When you ran this on the 4th July, where you in the US? If not, we'll look at the firewall rules. However, you did say you're downloading tv shows. Is this via torrent, as this is ilegal? Either way, if it is torrent, did you have it running whilst running the scan, as that may be the reason?



> C:\Documents and Settings\Michelle\Local Settings\Temp\wz1f37\u1104.exe (PUP.UltraSurf) -> No action taken.
> C:\Documents and Settings\Michelle\Local Settings\Temp\wz45e8\u1104.exe (PUP.UltraSurf) -> No action taken.
> C:\Documents and Settings\Michelle\Local Settings\Temp\wzb8f8\u1104.exe (PUP.UltraSurf) -> No action taken.
> C:\Documents and Settings\Michelle\Local Settings\Temp\wzdd23\u1104.exe (PUP.UltraSurf) -> No action taken.
> ...


These are showing as no action taken. Did you remove these, because if you didn't, they'll be there all the time? UltraSurf is a proxy, are you knowingly using this program?



> Sorry, forgot to answer your question here.
> 
> Yes I know all about tabs, I've been using Fx for years.
> 
> I have both tons of windows & tabs opened.


Like I said before, it may be too much running for your system to cope. Do you really need over 25 webpages open at one time?

---

Looking in the OTL log, you have this:



> FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3


This is about it:

https://addons.mozilla.org/en-US/firefox/addon/smart-bookmarks-bar/

And it says not only is it discontinued, but uses some adapted CSS code fragments from userstyles.org. This could be causing the CSS problems.

--------

Looking in the OTL log (its okay about the other log, as sometimes it doesn't create it) your Java is out of date, which opens you to malicious websites:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 5 *.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.[/b]".
Click on the link to download Windows Offline Installation 32 bit ( jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the * jre-7u5-windows-i586.exe* and select "Run as an Administrator.")

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:


Applications and Applets
Trace and Log Files
OK out of all the screens. 

-------------

Do you know what these folders are? If you do, then I'll leave them alone 



> [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
> [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
> [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
> [2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
> ...


----------------

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
MsConfig - StartUpReg: pdfFactory Dispatcher v3 - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

----------------------

eddie


----------



## ep2002 (Oct 31, 2006)

Ok, I'll do this one at a time.

I'm checking into the Fx add-on you mentioned as the site is named slightly different. I'm seeing if the guys on the forum can find me a new one. Geeze, I've never had an add-on do that before if it is doing that.

Things seem to be getting worse when it comes to add-ons & Fx changing versions every couple of months.

Are you saying that every time I use the proxy it still makes my IP address US?

I don't see how that can be, as I use it on my laptop all the time & if I don't use it, I can't get onto certain sites.

I only used it on the laptop once or twice & then stopped.

How do I clean that stuff out?

And to be clear, I NEVER used it on July 4th. I haven't used it in over a month or so, so that's scaring me.

Some techie guy gave it to me. It's very easy to use.


Michelle


----------



## eddie5659 (Mar 19, 2001)

For the proxy, what are you using? Is it from a trusted company?

If you can run the OTL fix for me above, that may help


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Like I said before, it may be too much running for your system to cope. Do you really need over 25 webpages open at one time?


Yes I do, I work on my computer & I do a lot of things at the same time. My point is I've always had that many before & it never caused problems until the last few months. I try to delete windows I'm not using, but I don't have time or I'm using all of them.

And my Fx is starting to crash again. It stopped after someone on the Mozilla forum told me to do something, now it's back again.

---



eddie5659 said:


> Looking in the OTL log (its okay about the other log, as sometimes it doesn't create it) your Java is out of date, which opens you to malicious websites:


Ok, so I went to do what you said about Java & there is no Java Runtime in add/remove programs. There's only Java(TM) 6 update 22 & 33. Is that what you want me to delete?

I deleted the temp files though in Control Panel -----> Java.

I didn't install the latest version of Java yet b/c I don't know what you want me to do about the ones in add/remove programs.

-------------



eddie5659 said:


> Do you know what these folders are? If you do, then I'll leave them alone


No, I have no idea what those are. I don't use Documents & Settings for anything. Anything in those folders is Windows or something else.

Brb

Michelle


----------



## ep2002 (Oct 31, 2006)

So I wanted to show you this as I don't know what any of these programs are.

See SS


----------



## ep2002 (Oct 31, 2006)

Hi,

Ok, the OTL is doing the same thing it did a few months ago. It freezes the computer & I have to do a cold reboot. I tried it twice 2nd time I shut down online armor & MBAM.


Michelle


----------



## eddie5659 (Mar 19, 2001)

> Ok, so I went to do what you said about Java & there is no Java Runtime in add/remove programs. There's only Java(TM) 6 update 22 & 33. Is that what you want me to delete?


Yep, they're the ones to remove. Then, after that, install the latest version.

-------

I'm just replying to say I'm going to look over the entire thread, to see if there is something there that I missed. However, I will run a few rootkit tools at the end, but just letting you know as it may take a while to re-read tonight


----------



## eddie5659 (Mar 19, 2001)

Okay, gone thru it all, and I have a few things to touch upon.

First, I noticed that OTL couldn't really run fully on a fix. It worked okay for the initial scan, just not the removal of entries. Having said that, some files/folders have gone over the pages, so I think it did work, even though no log was produced.

Now, I do want to make sure some of the things I was concerned about, have gone.

So, using SystemLook again, like you did before, can you run it with the following code, and post the log:


```
:dir
c:\windows\temp
c:\documents and settings\michelle\localsettings\temp
:filefind
*Bomgar*
:folderfind
*Bomgar*
:regfind
proxy.uconn
Bomgar
:reg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\System\CCS\Services\Tcpip\Parameters
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}
```
---------------

Now, looking in the previous installed programs, you have the following. Did you install them?

*LogMeIn
TeamViewer*

If you did install them, and you definatly don't have anyone prompting you to run them, then that's okay. The two programs above are used for remote viewing of computers. Totally legal tools, but some people may not want then installed.

Now, the following program was showing as installed, but not in AddRemove Programs, least not that I could see:

*Bomgar Support Customer Client*

This again enables remote connection of computers. What makes me single this one out, is that its not seen in your installed programs, yet it is running. Again, legit tool, but do you know anything about it?

Pretty sure you installed these two, and if so, I'll leave them be:

*Domain Name Analyzer
iLinc*

-------

You have a few things running from the temp folder, so I've put the search in the above SystemLook code 

-------------------

If you can work on the above first, I'll make sure its all okay, then look at rootkit scanners :up:


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Yep, they're the ones to remove. Then, after that, install the latest version.
> 
> -------
> 
> I'm just replying to say I'm going to look over the entire thread, to see if there is something there that I missed. However, I will run a few rootkit tools at the end, but just letting you know as it may take a while to re-read tonight


Thank you 

Java done.


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Okay, gone thru it all, and I have a few things to touch upon.
> 
> First, I noticed that OTL couldn't really run fully on a fix. It worked okay for the initial scan, just not the removal of entries. Having said that, some files/folders have gone over the pages, so I think it did work, even though no log was produced.
> 
> ...


 What is system look? Is that the code I put into OTL?

I have NO idea what "Bomgar Support Customer Client" is although I may vaguely remember someone wanting to use it.

Yes I know about logmein & Teamviewer. Whenever a company needs to help me with something, they use those 2. I think we should remove Bomgar, but how do you do that if it's not in Control Panel?

I didn't know what iLinc was, but now I do. I don't remember installing it, but it looks interesting LOL

Domain name analyzer I know about & have forgotten about it 

My concerns still are why is the proxy I used still showing up on the computer if I haven't used it in months? You didn't answer me when I asked that question last time (I don't think).

And yes I've been DLing shows to watch. I have no TV & I was sick of paying $60 & missing episodes & not being able to watch all I wanted to. Never thought I'd do it until someone here showed me.

I try to be careful & hope that Anti Vir is working properly.

My question is, how to avoid problems when watching that many videos AND the sound is terrible on my desktop, but if I watch the same show on my laptop it's not. So what does that mean?

Remember it's a brand new graphics card, so it can't be that, right?

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

And did you get the SSs I sent you of all those programs I don't recognize that Online Armor brought up?


----------



## eddie5659 (Mar 19, 2001)

Good to see Java is updated 

SystemLook, I've reposted below:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
c:\windows\temp
c:\documents and settings\michelle\localsettings\temp
:filefind
*Bomgar*
:folderfind
*Bomgar*
:regfind
proxy.uconn
Bomgar
:reg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\System\CCS\Services\Tcpip\Parameters
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

-------------------

As for Bomgar, if you run the above, we should be able to manually remove it 



> My concerns still are why is the proxy I used still showing up on the computer if I haven't used it in months? You didn't answer me when I asked that question last time (I don't think).


Is that these?

FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"

If so, again the above Systemlook should help us on that issue.

------------
For the graphics, can you tell me which card you had before, and the one you have now?

Looking back thru the very first, does this ring a bell with your original card:

http://reviews.cnet.com/graphics-cards/asus-extreme-ax300se-td/1707-8902_7-31302971.html

For your new one, if you don't know the full name, can you do this:

Control Panel | System | Device Manager.
Under Display Adapter will be the full name of the card.

-----------

Yep, looking at the SS now 

Did you install any audio/video programs lately, like VideoLanClient?

The first file in the screenshot is from the VideoLanClient program.


----------



## ep2002 (Oct 31, 2006)

Here you go...

SystemLook 30.07.11 by jpshortstuff
Log created at 19:37 on 16/07/2012 by Michelle
Administrator - Elevation successful

========== dir ==========

c:\windows\temp - Parameters: "(none)"

---Files---
ASPNETSetup_00000.log	--a--c- 5158 bytes	[00:09 13/05/2012]

[00:09 13/05/2012]
dd_clwireg.txt	--a--c- 9745 bytes	[00:04 13/05/2012]	[00:12

13/05/2012]
dd_wcf_retCA6569.txt	--a--c- 4383 bytes	[00:05 13/05/2012]

[00:05 13/05/2012]
jna1035286164999603919.dll	--a--c- 349255 bytes	[23:30 02/07/2012]

[23:30 02/07/2012]
jna1300848490281619442.dll	--a--c- 349255 bytes	[06:56 31/03/2012]

[06:56 31/03/2012]
jna1328562604608111063.dll	--a--c- 349255 bytes	[12:10 26/05/2012]

[12:10 26/05/2012]
jna1401019872280532787.dll	--a--c- 349255 bytes	[21:04 04/06/2012]

[21:04 04/06/2012]
jna1616890877094421677.dll	--a--c- 349255 bytes	[11:51 11/07/2012]

[11:51 11/07/2012]
jna1841590441191906447.dll	--a--c- 349255 bytes	[08:06 05/07/2012]

[08:06 05/07/2012]
jna2280668617532265700.dll	--a--c- 349255 bytes	[04:00 12/06/2012]

[04:00 12/06/2012]
jna2395808405567257035.dll	--a--c- 349255 bytes	[22:23 15/07/2012]

[22:23 15/07/2012]
jna2403926791366746517.dll	--a--c- 349255 bytes	[04:39 12/04/2012]

[04:39 12/04/2012]
jna2605833092513603539.dll	--a--c- 349255 bytes	[05:51 11/07/2012]

[05:51 11/07/2012]
jna2890892696993522292.dll	--a--c- 349255 bytes	[07:33 01/06/2012]

[07:33 01/06/2012]
jna2959386983495680135.dll	--a--c- 349255 bytes	[11:22 11/07/2012]

[11:22 11/07/2012]
jna3643117084999477594.dll	--a--c- 349255 bytes	[12:53 13/07/2012]

[12:53 13/07/2012]
jna3768822003544776685.dll	--a--c- 349255 bytes	[06:38 12/07/2012]

[06:38 12/07/2012]
jna3874247841687538119.dll	--a--c- 349255 bytes	[00:16 13/05/2012]

[00:16 13/05/2012]
jna3984425350379758129.dll	--a--c- 349255 bytes	[12:48 13/07/2012]

[12:48 13/07/2012]
jna4769882994419214613.dll	--a--c- 349255 bytes	[12:45 06/04/2012]

[12:45 06/04/2012]
jna5474747815781263304.dll	--a--c- 349255 bytes	[04:37 29/05/2012]

[04:37 29/05/2012]
jna5560643405563175755.dll	--a--c- 349255 bytes	[20:33 08/05/2012]

[20:33 08/05/2012]
jna5969641177408322854.dll	--a--c- 349255 bytes	[08:41 08/06/2012]

[08:41 08/06/2012]
jna6035235879020909246.dll	--a--c- 349255 bytes	[09:11 12/04/2012]

[09:11 12/04/2012]
jna604582390827366587.dll	--a--c- 349255 bytes	[05:51 25/04/2012]

[05:51 25/04/2012]
jna6068563128547858051.dll	--a--c- 349255 bytes	[06:04 11/07/2012]

[06:04 11/07/2012]
jna6567816578241060312.dll	--a--c- 349255 bytes	[17:34 14/06/2012]

[17:34 14/06/2012]
jna6826882641334816887.dll	--a--c- 349255 bytes	[02:37 16/07/2012]

[02:37 16/07/2012]
jna7110311927977861955.dll	--a--c- 349255 bytes	[04:22 20/06/2012]

[04:22 20/06/2012]
jna8255216308663472822.dll	--a--c- 349255 bytes	[02:19 05/07/2012]

[02:19 05/07/2012]
jna8311135563077444519.dll	--a--c- 349255 bytes	[21:24 30/06/2012]

[21:25 30/06/2012]
jna8381302035370069848.dll	--a--c- 349255 bytes	[12:58 13/07/2012]

[12:58 13/07/2012]
jna8600567076188823742.dll	--a--c- 349255 bytes	[07:51 15/06/2012]

[07:51 15/06/2012]
jna917504981320219843.dll	--a--c- 349255 bytes	[21:34 30/06/2012]

[21:34 30/06/2012]
Perflib_Perfdata_164.dat	--a--c- 16384 bytes	[06:57 31/03/2012]

[06:57 31/03/2012]
Perflib_Perfdata_1df8.dat	--a--c- 16384 bytes	[00:10 13/05/2012]

[00:10 13/05/2012]
Perflib_Perfdata_410.dat	--a--c- 16384 bytes	[21:35 30/06/2012]

[21:35 30/06/2012]
Perflib_Perfdata_440.dat	--a--c- 16384 bytes	[22:30 15/07/2012]

[22:30 15/07/2012]
Perflib_Perfdata_4e4.dat	--a--c- 16384 bytes	[17:37 14/06/2012]

[17:37 14/06/2012]
Perflib_Perfdata_4fc.dat	--a--c- 16384 bytes	[08:06 05/07/2012]

[08:06 05/07/2012]
Perflib_Perfdata_504.dat	--a--c- 16384 bytes	[06:42 12/07/2012]

[06:42 12/07/2012]
Perflib_Perfdata_7e8.dat	--a--c- 16384 bytes	[08:44 08/06/2012]

[08:44 08/06/2012]
Perflib_Perfdata_894.dat	--a--c- 16384 bytes	[05:52 11/07/2012]

[05:52 11/07/2012]
Perflib_Perfdata_95c.dat	--a--c- 16384 bytes	[18:59 20/04/2012]

[18:59 20/04/2012]
Perflib_Perfdata_9b8.dat	--a--c- 16384 bytes	[07:52 15/06/2012]

[07:52 15/06/2012]
Perflib_Perfdata_9bc.dat	--a--c- 16384 bytes	[20:42 26/04/2012]

[20:42 26/04/2012]
Perflib_Perfdata_a4.dat	--a--c- 16384 bytes	[23:30 02/07/2012]

[23:30 02/07/2012]
Perflib_Perfdata_a94.dat	--a--c- 16384 bytes	[04:02 12/06/2012]

[04:02 12/06/2012]
Perflib_Perfdata_b20.dat	--a--c- 16384 bytes	[21:17 26/03/2012]

[21:17 26/03/2012]
Perflib_Perfdata_b68.dat	--a--c- 16384 bytes	[21:25 30/06/2012]

[21:25 30/06/2012]
Perflib_Perfdata_bb8.dat	--a--c- 16384 bytes	[21:05 04/06/2012]

[21:05 04/06/2012]
Perflib_Perfdata_c18.dat	--a--c- 16384 bytes	[04:39 29/05/2012]

[04:39 29/05/2012]
Perflib_Perfdata_c30.dat	--a--c- 16384 bytes	[04:41 12/04/2012]

[04:41 12/04/2012]
Perflib_Perfdata_cc4.dat	--a--c- 16384 bytes	[12:47 06/04/2012]

[12:47 06/04/2012]
Perflib_Perfdata_ccc.dat	--a--c- 16384 bytes	[08:13 26/05/2012]

[08:13 26/05/2012]
Perflib_Perfdata_d0c.dat	--a--c- 16384 bytes	[12:10 26/05/2012]

[12:10 26/05/2012]
Perflib_Perfdata_d40.dat	--a--c- 16384 bytes	[12:54 13/07/2012]

[12:54 13/07/2012]
Perflib_Perfdata_d7c.dat	--a--c- 16384 bytes	[06:05 11/07/2012]

[06:05 11/07/2012]
Perflib_Perfdata_d8c.dat	--a--c- 16384 bytes	[21:27 30/06/2012]

[21:27 30/06/2012]
Perflib_Perfdata_d98.dat	--a--c- 16384 bytes	[11:52 11/07/2012]

[11:52 11/07/2012]
Perflib_Perfdata_dac.dat	--a--c- 16384 bytes	[02:38 16/07/2012]

[02:38 16/07/2012]
Perflib_Perfdata_e50.dat	--a--c- 16384 bytes	[11:23 11/07/2012]

[11:23 11/07/2012]
Perflib_Perfdata_e70.dat	--a--c- 16384 bytes	[08:07 05/07/2012]

[08:07 05/07/2012]
Perflib_Perfdata_e9c.dat	--a--c- 16384 bytes	[07:34 01/06/2012]

[07:34 01/06/2012]
Perflib_Perfdata_ea0.dat	--a--c- 16384 bytes	[00:20 13/05/2012]

[00:20 13/05/2012]
Perflib_Perfdata_ec.dat	--a--c- 16384 bytes	[02:37 16/07/2012]

[02:37 16/07/2012]
Perflib_Perfdata_f7c.dat	--a--c- 16384 bytes	[02:23 05/07/2012]

[02:23 05/07/2012]
Perflib_Perfdata_ffc.dat	--a--c- 16384 bytes	[04:24 20/06/2012]

[04:24 20/06/2012]
WGAErrLog.txt	--a--c- 483 bytes	[06:54 31/03/2012]	[22:48

16/07/2012]

---Folders---
CitrixLogs	d----c-	[06:55 31/03/2012]
hsperfdata_SYSTEM	d----c-	[06:56 31/03/2012]
Low	d----c-	[16:22 22/06/2012]

c:\documents and settings\michelle\localsettings\temp - Unable to find

folder.

========== filefind ==========

Searching for "*Bomgar*"
No files found.

========== folderfind ==========

Searching for "*Bomgar*"
No folders found.

========== regfind ==========

Searching for "proxy.uconn"
No data found.

Searching for "Bomgar"
No data found.

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

\Run]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

/AUTORUN"
"ControlCenter3"="C:\Program

Files\Brother\ControlCenter3\brctrcen.exe /autorun"
"LogMeIn GUI"=""D:\Notes\LogMeIn\x86\LogMeInSystray.exe""
"BrStsMon00"="C:\Program Files\Browny02\Brother\BrStMonW.exe

/AUTORUN"
"KodakShareButtonApp"="C:\Program Files\Kodak\KODAK Share

Button App\Listener.exe"
"avgnt"=""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader

9.0\Reader\Reader_sl.exe""
"Adobe ARM"=""C:\Program Files\Common

Files\Adobe\ARM\1.0\AdobeARM.exe""
"@OnlineArmor GUI"=""C:\Program Files\Online Armor\OAui.exe""
"StartCCC"=""C:\Program Files\ATI

Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun"
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe"
"APSDaemon"=""C:\Program Files\Common Files\Apple\Apple

Application Support\APSDaemon.exe""
"QuickTime Task"=""C:\Program Files\QuickTime\QTTask.exe"

-atboottime"
"Wondershare Helper Compact.exe"="C:\Program Files\Common

Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"Malwarebytes' Anti-Malware"=""C:\Program Files\Malwarebytes'

Anti-Malware\mbamgui.exe" /starttray"
"SunJavaUpdateSched"=""C:\Program Files\Common Files\Java\Java

Update\jusched.exe""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\Parameters]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\Parameters\Int

erfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\Parameters\Int

erfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}]
(Unable to open key - key not found)

-= EOF =-


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Is that these?
> 
> FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
> FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
> ...


No, I don't even know what those are. It's the other one called Ultra surf.


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> -----------
> 
> For the graphics, can you tell me which card you had before, and the one you have now?
> 
> ...


Ok, I managed to find the stats prior to reinstalling the new video card & MB.

http://speccy.piriform.com/results/jC4uohDbvT41HfnQ13IQvLl

Here's the new stats - http://speccy.piriform.com/results/pVlqDuFBdYo0BtjIQNfjMS4

Michelle


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Did you install any audio/video programs lately, like VideoLanClient?
> 
> The first file in the screenshot is from the VideoLanClient program.


Hmm, I have no clue what that is. What does it do?

I don't have a webcam on my desktop, only my laptop & I never use it.

Michelle


----------



## eddie5659 (Mar 19, 2001)

Thanks for all the replies 

So, lets go thru each. You have these in the temp folder. Have a feeling they're harmless, but can you run a scan on a few as follows:

*Jotti File Submission:*

Please go to  Jotti's malware scan

Copy and paste the following file path into the *"File to upload & scan"*box on the top of the page:

*c:\windows\temp\jna1035286164999603919.dll*

 Click on the submit button

 Please post the results in your next reply.

Also, do the same for these:

*c:\windows\temp\jna1300848490281619442.dll
c:\windows\temp\jna4769882994419214613.dll*

--------

Now, the proxy I was removing isn't showing up anymore, but we'll triple-check in a bit. As for Ultra surf, I can't see it in your Addons, nor in your installed programs.

--------

Graphics:

This was your old one: 128MB ASUS Extreme AX300 Series

Which I think was this one:

http://reviews.cnet.com/graphics-cards/asus-extreme-ax300se-td/1707-8902_7-31302971.html

Can you remember if it was an ATI or Nvidia card?

new one is this: 1024MB ATI Radeon HD 5450

So, this one is an ATI. The reason I'm asking if it was a Nvidia, is that the old software may still be installed, which can conflict with each other.

Can you tell me which driver version you have? To find out, do this:

Control Panel | System | Device Manager.
Under Display Adapter will be the full name of the card.
Right-click and select Properties, then Driver tab.

---

For the VideoLanClient program, this is the main site:

http://www.videolan.org/index.html

Can you remember getting something from here?

------------------------

To check all was removed okay, can you run OTL again, as you did before;


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button.Select *All Users*. The scan wont take long. 
When the scan completes, it will open a notepad window. *OTL.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files and post them in your topic


----------



## ep2002 (Oct 31, 2006)

Ok, you can't copy & paste the path, I had to go search for it.

And I don't know how to give you the info, so I just had to copy it.

File size: 349255 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 28e4d67db8f5a83a47ca92f931d7d5eb
SHA1: 464143281e7cb43270f26249d9f3fa05bba24557

Scanners
[ArcaVir] 
2012-07-21 Found nothing
[Frisk F-Prot Antivirus] 
2012-07-20 Found nothing
[Avast! antivirus] 
2012-07-21 Found nothing
[F-Secure Anti-Virus] 
2012-07-21 Found nothing
[Grisoft AVG Anti-Virus] 
2012-07-21 Found nothing
[G DATA] 
2012-07-21 Found nothing
[Avira AntiVir] 
2012-07-21 Found nothing
[Ikarus] 
2012-07-21 Found nothing
[Softwin BitDefender] 
2012-07-21 Found nothing
[Kaspersky Anti-Virus] 
2012-07-21 Found nothing
[ClamAV] 
2012-07-21 Found nothing
[Panda Antivirus] 
2012-07-20 Found nothing
[CPsecure] 
2012-07-20 Found nothing
[Quick Heal] 
2012-07-21 Found nothing
[Dr.Web] 
2012-07-21 Found nothing
[Sophos] 
2012-07-21 Found nothing
[Emsisoft Anti-Malware] 
2012-07-21 Found nothing
[VirusBlokAda VBA32] 
2012-07-20 Found nothing
[ESET] 
2012-07-20 Found nothing
[VirusBuster] 
2012-07-20 Found nothing


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> *c:\windows\temp\jna1300848490281619442.dll
> *


*

Ok, I'm very confused.

I ran that one above 4 times & each time it said it was already scanned & it called it a different #...

This file has been scanned before. The results for this previous scan are listed below.

Filename: jna1189247634826652252.dll
Status: 
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sat 21 Jul 2012 17:17:00 (CET) Permalink*


----------



## ep2002 (Oct 31, 2006)

It did it again & that permalink doesn't work hence me having to copy & paste what's there...

This file has been scanned before. The results for this previous scan are listed below.

Filename: jna1189247634826652252.dll
Status: 
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sat 21 Jul 2012 17:17:00 (CET) Permalink

Additional info
File size: 349255 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: 28e4d67db8f5a83a47ca92f931d7d5eb
SHA1: 464143281e7cb43270f26249d9f3fa05bba24557

Scanners
[ArcaVir] 
2012-07-21 Found nothing
[Frisk F-Prot Antivirus] 
2012-07-20 Found nothing
[Avast! antivirus] 
2012-07-21 Found nothing
[F-Secure Anti-Virus] 
2012-07-21 Found nothing
[Grisoft AVG Anti-Virus] 
2012-07-21 Found nothing
[G DATA] 
2012-07-21 Found nothing
[Avira AntiVir] 
2012-07-21 Found nothing
[Ikarus] 
2012-07-21 Found nothing
[Softwin BitDefender] 
2012-07-21 Found nothing
[Kaspersky Anti-Virus] 
2012-07-21 Found nothing
[ClamAV] 
2012-07-21 Found nothing
[Panda Antivirus] 
2012-07-21 Found nothing
[CPsecure] 
2012-07-21 Found nothing
[Quick Heal] 
2012-07-21 Found nothing
[Dr.Web] 
2012-07-21 Found nothing
[Sophos] 
2012-07-21 Found nothing
[Emsisoft Anti-Malware] 
2012-07-21 Found nothing
[VirusBlokAda VBA32] 
2012-07-20 Found nothing
[ESET] 
2012-07-21 Found nothing
[VirusBuster] 
2012-07-20 Found nothing


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Graphics:
> 
> This was your old one: 128MB ASUS Extreme AX300 Series
> 
> ...


No sorry I don't. I checked the word doc I have, but I think I already removed it, but I found this, so maybe this is it?

You has said it was an ASUS EAX300 Series, the download we got was from here:

http://support.asus.com/download/download.aspx?SLanguage=en-us&model=EAX300 Series


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Can you tell me which driver version you have? To find out, do this:
> 
> Control Panel | System | Device Manager.
> Under Display Adapter will be the full name of the card.
> Right-click and select Properties, then Driver tab.


It's 8.950.0.0


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> For the VideoLanClient program, this is the main site:
> 
> http://www.videolan.org/index.html
> 
> Can you remember getting something from here?


Oh LOL, yes of course I know that software. Had you said VLC I would have known. I don't know it by it's full name.

Everyone uses VLC 

Sorry.


----------



## ep2002 (Oct 31, 2006)

Here it is.

Thanks

Michelle

--------------------
OTL logfile created on: 7/22/2012 4:53:37 AM - Run 7
OTL by OldTimer - Version 3.2.53.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.41% Memory free
6.09 Gb Paging File | 5.00 Gb Available in Paging File | 82.10% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 119.46 Gb Free Space | 80.87% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 127.79 Gb Free Space | 89.47% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 148.18 Gb Free Space | 84.57% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 0.10 Gb Free Space | 2.74% Space Free | Partition Type: FAT32

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 07:06:00 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/10 23:58:03 | 000,210,920 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 20:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/18 11:23:00 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/07/18 11:22:59 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/06/14 23:08:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 21:03:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 21:02:50 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 21:00:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 18:25:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 18:25:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 18:11:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 18:10:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 18:10:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/19 22:00:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 07:06:00 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/10 23:59:45 | 004,382,968 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/07/10 23:58:03 | 000,210,920 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/11 00:01:14 | 000,031,912 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/07/10 23:58:52 | 000,027,632 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/07/10 23:58:38 | 000,044,592 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/07/10 23:58:04 | 000,208,312 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 22:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 17:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/21 04:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
[2012/07/10 22:31:14 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/06/04 01:56:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/07/11 02:41:58 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:27 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:08 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/26 23:26:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\chrome
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\defaults
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\chrome
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\defaults
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/07/13 06:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/20 20:39:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
[2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/07/19 22:00:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2012/06/16 23:28:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/16 23:28:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.7_0\
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.9_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.EXOTIC-3C629299\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/15 21:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
[2012/07/15 16:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Sun
[2012/07/13 07:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/05 02:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/07/04 16:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 16:35:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/04 16:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Start Menu\Programs\LastPass
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
[2012/06/26 23:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2012/06/23 14:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

========== Files - Modified Within 30 Days ==========

[2012/07/22 05:12:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/07/22 05:06:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 04:37:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/07/22 04:12:03 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 20:57:48 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/21 10:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 05:37:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/07/18 07:32:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/15 21:20:23 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/07/15 20:37:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/15 20:36:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/15 02:57:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/07/13 06:56:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/13 06:56:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 06:08:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/07/12 00:37:47 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 22:20:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 00:01:14 | 000,031,912 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2012/07/10 23:58:52 | 000,027,632 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2012/07/10 23:58:38 | 000,044,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/07/10 23:58:04 | 000,208,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/07/05 02:12:31 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/04 22:39:41 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/26 23:26:11 | 010,974,280 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:26:10 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk

========== Files Created - No Company Name ==========

[2012/07/15 21:20:23 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/07/05 02:12:31 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/04 16:36:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/04 16:36:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 23:26:10 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
[2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,208,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,044,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/02 10:12:21 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
[2008/08/03 22:38:23 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/06/01 01:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2012/04/16 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/04/22 01:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2012/06/16 00:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/08 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.infomastery.linkbounder-rmv
[2012/06/17 22:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
[2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2012/06/21 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2012/07/19 14:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Dropbox
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2012/06/21 03:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
[2012/02/28 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenOffice.org
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Softnik Technologies
[2012/03/21 02:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
[2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/06/01 03:53:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\DoxillionReminder.job
[2012/07/22 05:12:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

========== Purity Check ==========

< End of report >


----------



## ep2002 (Oct 31, 2006)

Here it is.

Thanks

Michelle

--------------------
OTL logfile created on: 7/22/2012 4:53:37 AM - Run 7
OTL by OldTimer - Version 3.2.53.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.41% Memory free
6.09 Gb Paging File | 5.00 Gb Available in Paging File | 82.10% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 119.46 Gb Free Space | 80.87% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 127.79 Gb Free Space | 89.47% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 148.18 Gb Free Space | 84.57% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 0.10 Gb Free Space | 2.74% Space Free | Partition Type: FAT32

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 07:06:00 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/10 23:58:03 | 000,210,920 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 20:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/18 11:23:00 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/07/18 11:22:59 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/06/14 23:08:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 21:03:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 21:02:50 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 21:00:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 18:25:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 18:25:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 18:11:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 18:10:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 18:10:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/19 22:00:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 07:06:00 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/10 23:59:45 | 004,382,968 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/07/10 23:58:03 | 000,210,920 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/29 03:22:06 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Folder\MapleStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys -- (cpuz129)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/11 00:01:14 | 000,031,912 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/07/10 23:58:52 | 000,027,632 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/07/10 23:58:38 | 000,044,592 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/07/10 23:58:04 | 000,208,312 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/15 13:24:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.http: "http://proxy.uconn.edu:3000/proxy.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 22:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 17:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/21 04:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
[2012/07/10 22:31:14 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/06/04 01:56:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/07/11 02:41:58 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:27 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:08 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/26 23:26:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\chrome
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\defaults
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]astpass.com
[2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\chrome
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\defaults
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/07/13 06:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/20 20:39:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
[2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/07/19 22:00:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2012/06/16 23:28:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/16 23:28:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.7_0\
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.9_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.EXOTIC-3C629299\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/15 21:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
[2012/07/15 16:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Sun
[2012/07/13 07:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/05 02:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/07/04 16:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 16:35:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/04 16:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Start Menu\Programs\LastPass
[2012/06/26 23:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
[2012/06/26 23:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2012/06/23 14:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

========== Files - Modified Within 30 Days ==========

[2012/07/22 05:12:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/07/22 05:06:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 04:37:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/07/22 04:12:03 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 20:57:48 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/21 10:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 05:37:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/07/18 07:32:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/15 21:20:23 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/07/15 20:37:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/15 20:36:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/15 02:57:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/07/13 06:56:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/13 06:56:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 06:08:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/07/12 00:37:47 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 22:20:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 00:01:14 | 000,031,912 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2012/07/10 23:58:52 | 000,027,632 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2012/07/10 23:58:38 | 000,044,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/07/10 23:58:04 | 000,208,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/07/05 02:12:31 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/04 22:39:41 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/26 23:26:11 | 010,974,280 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2012/06/26 23:26:10 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk

========== Files Created - No Company Name ==========

[2012/07/15 21:20:23 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/07/05 02:12:31 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/04 16:36:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/04 16:36:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 23:26:10 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/06/26 23:25:59 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
[2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,208,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,044,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2010/08/02 10:12:21 | 000,000,435 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 09:52:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7030.dat
[2010/08/02 09:52:31 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
[2008/08/03 22:38:23 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/10/04 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/06/01 01:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2012/04/16 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/04/22 01:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2012/06/16 00:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/08 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.infomastery.linkbounder-rmv
[2012/06/17 22:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
[2011/10/04 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2012/06/21 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2012/07/19 14:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Dropbox
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2012/06/21 03:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2010/10/06 12:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenCandy
[2012/02/28 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenOffice.org
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Softnik Technologies
[2012/03/21 02:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
[2011/12/08 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/06/01 03:53:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\DoxillionReminder.job
[2012/07/22 05:12:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job

========== Purity Check ==========

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, they're still there, so looks like we'll have to do this via another route. Thanks for the scans at Jotti, looks like they're Java files, so that's good 

So, lets try and remove the entries I've been trying to remove for some time. There are actually two tools I want to use, but we'll try the first one, as its easier 

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Rightclick on it and select *Send To* then select *Compressed (zipped) Folder * and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  )











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*


----------



## ep2002 (Oct 31, 2006)

I'm still getting the unresponsive script & again things Online Armor is picking up that I don't know.

http://i972.photobucket.com/albums/ae209/michellek2010/unresponsivescriptonlineArmor.jpg


----------



## eddie5659 (Mar 19, 2001)

Did that happen when trying to run the RunScanner tool?


----------



## ep2002 (Oct 31, 2006)

You didn't ask for the log file, but I pasted it in here anyway.

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : EXOTIC-3C629299
Creation time : 7/25/2012 9:10:16 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18702
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 2.0.0.60
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
* C:\PROGRA~1\MICROS~3\rapimgr.exe (Microsoft Corporation)
* C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
* C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
* C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
* C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation)
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
* C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
* C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
* D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
* D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
* C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
* C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
* C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
* C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
* C:\Program Files\Online Armor\OAsrv.exe (Emsi Software GmbH)
* C:\Program Files\Online Armor\oahlp.exe (Emsi Software GmbH)
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
* C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
* C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
C:\WINDOWS\system32\HPZipm12.exe (HP)
* C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
* C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
* C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
C:\Program Files\VideoLAN\VLC\vlc.exe
* C:\WINDOWS\explorer.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\smss.exe (Microsoft Corporation)
C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

Unrated items
-------------
002 * C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
002 * C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
002 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
002 C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
002 C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
002 C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
002 * D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
002 * C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
002 C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
002 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
002 * C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
002 C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
003 C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
003 * C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
003 * C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
003 * C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
004 C:\PROGRA~1\ERUNT\AUTOBACK.EXE
004 * C:\DOCUME~1\Michelle\APPLIC~1\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
005 C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE (Eastman Kodak Company)
005 C:\PROGRA~1\CRASHP~1\CRASHP~3.EXE (Code 42 Software, Inc.)
010 C:\WINDOWS\ATKKBService.exe (ATK Keyboard Service)
010 * C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Realtime Protection)
010 * C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Scheduler)
010 C:\Program Files\Browny02\BrYNSvc.exe (BrYNSvc)
010 C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan Backup Service)
010 * C:\Program Files\Java\jre7\bin\jqs.exe (Java Quick Starter)
010 * C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware)
010 * C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Maintenance Service)
010 * C:\Program Files\Online Armor\oasrv.exe (Online Armor)
010 * C:\Program Files\Online Armor\OAcat.exe (Online Armor Helper Service)
010 C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12)
010 * C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service)
010 * C:\Program Files\Skype\Updater\Updater.exe (Skype Updater)
011 C:\WINDOWS\System32\Drivers\Video3D.sys (ASUS Video3D Service)
011 * C:\WINDOWS\system32\DRIVERS\avgntflt.sys (avgntflt)
011 * C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb)
011 * C:\WINDOWS\system32\DRIVERS\avkmgr.sys (avkmgr)
011 c:\windows\System32\Drivers\BANTExt.sys (Belarc SMBios Access)
011 * C:\Program Files\SystemRequirementsLab\cpudrv.sys (cpudrv)
011 C:\WINDOWS\system32\drivers\EIO.sys (EIO)
011 C:\WINDOWS\system32\drivers\atkkbnt.sys (Enhanced Display Driver Helper Service)
011 C:\WINDOWS\system32\GTNDIS5.SYS (GTNDIS5 NDIS Protocol Driver)
011 C:\WINDOWS\system32\DRIVERS\rt73.sys (Linksys Home Wireless-G USB Adapter Driver)
011 * C:\WINDOWS\system32\DRIVERS\lmimirr.sys (lmimirr)
011 * C:\WINDOWS\system32\drivers\mbam.sys (MBAMProtector)
011 * C:\WINDOWS\system32\drivers\OADriver.sys (OADriver)
011 * C:\WINDOWS\system32\drivers\OAmon.sys (OAmon)
011 * C:\WINDOWS\system32\drivers\OAnet.sys (OAnet)
011 * C:\WINDOWS\system32\drivers\oahlp32.sys (Online Armor helper driver)
011 * C:\WINDOWS\system32\DRIVERS\revoflt.sys (Revoflt)
011 C:\WINDOWS\system32\DRIVERS\tapvpn.sys (TAP VPN Adapter)
011 C:\WINDOWS\System32\Drivers\DgiVecp.sys (Team MFP Comm Driver)
011 c:\windows\system32\drivers\TrueSight.sys (TrueSight)
031 C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) {6318E0AB-2E93-11D1-B8ED-00608CC9A71F}
031 C:\Program Files\Common Files\Intuit\intu-res.dll {9CE7D474-16F9-4889-9BB9-53E2008EAE8A}
031 * C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) {91774881-D725-4E58-B298-07617B9B86A8}
047 Zone: exoticpublishing.com : https://exoticpublishing.com
050 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA45-8170-4859-9B5F-037EF2970034}
052 * C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) {E5A1691B-D188-4419-AD02-90002030B8EE}
052 * C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
052 * C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9}
052 * C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
061 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Advanced Micro Devices, Inc.) {5E2121EE-0300-11D4-8D3B-444553540000}
061 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll (Advanced Micro Devices, Inc.) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35}
061 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {087B3AE3-E237-4467-B8DB-5A38AB959AC9}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {63542C48-9552-494A-84F7-73AA6A7C99C1}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {3B092F0C-7696-40E3-A80F-68D74DA84210}
061 * C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll (VS Revo Group) {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
061 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\Program Files\SmartDraw 2010\SDThumbnail.dll {66F1DE40-D550-4119-9120-6592E3390623}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
069 C:\WINDOWS\system32\fppmon3.dll (FinePrint Software, LLC)
069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
069 C:\WINDOWS\system32\hpzsnt12.dll (HP)
069 * C:\WINDOWS\system32\novamnk6.dll (Softland)
073 DoxillionReminder.job : C:\Program Files\NCH Software\Doxillion\doxillion.exe (NCH Software)
100 ProxyOverride HKCU : local
104 * C:\WINDOWS\system32\RCMedia.dll (RingCentral, Inc.) {CF25C291-E91C-11D3-873F-0000B4A2973D}
105 Add to &Evernote : res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
173 GUID / CLSID not found {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
173 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
173 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 GUID / CLSID not found
173 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
173 C:\WINDOWS\system32\shellwp.dll (Corel Corporation Limited)
220 GUID / CLSID not found {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
221 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
221 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 GUID / CLSID not found
221 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\WINDOWS\system32\shellwp.dll (Corel Corporation Limited)
223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found
225 GUID / CLSID not found
225 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
225 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
225 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}
225 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}
225 * C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll (VS Revo Group) {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
225 * C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll (VS Revo Group) {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
225 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
225 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
226 GUID / CLSID not found {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
227 GUID / CLSID not found {BED4C38B-F765-45AC-8C56-613F76BBF43E}
227 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}
227 GUID / CLSID not found
227 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
228 GUID / CLSID not found {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
229 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Advanced Micro Devices, Inc.) {5E2121EE-0300-11D4-8D3B-444553540000}
231 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) OpenOffice.org Column Handler
241 GUID / CLSID not found {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
241 GUID / CLSID not found {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
241 GUID / CLSID not found {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
241 GUID / CLSID not found {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
253 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}

Missing files
-------------
002 C:\Program Files\IDT\WDM\sttray.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 System32\Drivers\usbaapl.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\DOCUME~1\Michelle\LOCALS~1\Temp\catchme.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\DOCUME~1\Michelle\LOCALS~1\Temp\cpuz_x32.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\Folder\MapleStory\npkcrypt.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 c:\windows\system32\DRIVERS\RT2860.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\Drivers\SSPORT.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys


----------



## ep2002 (Oct 31, 2006)

And no, the problem with OA happened well before I did this scan. In fact OA didn't even pop up during the scan.

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

That's okay 

Now, we can finally remove some of the things I wanted to remove a while back, but not all. We'll deal with them after.

So, can you do the following for me:

Download the attachment at the end of this post. This will be your *RSReport* file, with the fixes I need you to do.


Save it to your desktop, then extract the *RSReport.run* file to your Desktop, overwriting the existing one.
Open the runscanner folder and double click on the *runscanner.exe* file.
This time select the *Expert Mode*
Click the button *Open Run File*
Click on the *RSReport file*, and select Open
click the *Item Fixer* tab
Click the button at the top called *Fix selected items*
Accept the warning(s) and repeat until they are all gone.
Reboot your PC


---------------

Then, can you re-run it as you originally did, and upload the file again


----------



## eddie5659 (Mar 19, 2001)

Looks like we may be able to solve the Firefox proxy that just won't go, and check a few other things.

If you can still do the above with Runscanner, and post the new log that would be great 

----

Then, can you try this:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

eddie


----------



## ep2002 (Oct 31, 2006)

Hi,

Sorry for the delay.

Ok, I hope I did the RunScanner properly. I don't use my desktop for any of these things. I have a downloads folder & with the software that you guys get me to use most often I even create their own folders. It did delete all those red entries thought.

The problem is I can't find the log file. I kind of shut down the window right after it finished & I no log file popped up.

Here's the Mini log file though & now I'm going to reboot.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Michelle (administrator) on 01-08-2012 at 01:46:17
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://proxy.uconn.edu:3000/proxy.pac"
"network.proxy.http", "http://proxy.uconn.edu:3000/proxy.pac"
"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection 2 (Connected)
Intel(R) 82566DC Gigabit Network Connection = Local Area Connection 3 (Connected)

# ---------------------------------- 
# Interface IP Configuration 
# ---------------------------------- 
pushd interface ip

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp 
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration Host Name . . . . . . . . . . . . : exotic-3c629299 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : cpe.cableonda.netEthernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : cpe.cableonda.net Description . . . . . . . . . . . : Intel(R) 82566DC Gigabit Network Connection Physical Address. . . . . . . . . : 00-16-76-D8-B7-DF Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.100.1.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.100.1.1 DHCP Server . . . . . . . . . . . : 10.100.1.1 DNS Servers . . . . . . . . . . . : 8.15.12.5 8.5.244.6 Lease Obtained. . . . . . . . . . : Tuesday, July 31, 2012 4:02:46 PM Lease Expires . . . . . . . . . . : Wednesday, August 01, 2012 4:02:46 PMServer: dns01.iad01.acndigital.net
Address: 8.15.12.5

Name: google.com
Addresses: 173.194.43.0, 173.194.43.1, 173.194.43.2, 173.194.43.3
173.194.43.4, 173.194.43.5, 173.194.43.6, 173.194.43.7, 173.194.43.8
173.194.43.9, 173.194.43.14

Pinging google.com [173.194.43.14] with 32 bytes of data:Reply from 173.194.43.14: bytes=32 time=319ms TTL=46Reply from 173.194.43.14: bytes=32 time=308ms TTL=46Ping statistics for 173.194.43.14: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 308ms, Maximum = 319ms, Average = 313msServer: dns01.iad01.acndigital.net
Address: 8.15.12.5

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:Reply from 98.139.183.24: bytes=32 time=168ms TTL=51Reply from 98.139.183.24: bytes=32 time=126ms TTL=51Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 126ms, Maximum = 168ms, Average = 147msServer: dns01.iad01.acndigital.net
Address: 8.15.12.5

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Reply from 208.43.87.2: Destination host unreachable.Reply from 208.43.87.2: Destination host unreachable.Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 16 76 d8 b7 df ...... Intel(R) 82566DC Gigabit Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.100.1.1 10.100.1.2 20
10.100.1.0 255.255.255.0 10.100.1.2 10.100.1.2 20
10.100.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.100.1.2 10.100.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.100.1.2 10.100.1.2 20
224.0.0.0 240.0.0.0 10.100.1.2 10.100.1.2 20
255.255.255.255 255.255.255.255 10.100.1.2 10.100.1.2 1
Default Gateway: 10.100.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2012 04:01:12 AM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2012/07/31 04:01:12.500]: [00003268]: Initialize TwdsMain Class failed!

Error: (07/31/2012 04:01:12 AM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2012/07/31 04:01:12.500]: [00003268]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (07/26/2012 08:49:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (07/26/2012 04:23:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (07/26/2012 03:35:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (07/26/2012 03:14:10 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x8000ffff], Release[0x00000000], OnRun[0x00000000].

Error: (07/26/2012 02:39:46 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x8000ffff], Release[0x00000000], OnRun[0x00000000].

Error: (07/26/2012 01:40:17 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (07/25/2012 11:36:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x8000ffff], Release[0x00000000], OnRun[0x00000000].

Error: (07/25/2012 05:09:04 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details: Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

System errors:
=============
Error: (07/31/2012 09:24:51 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 09:24:50 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 06:48:47 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 06:48:45 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 06:19:17 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 06:19:16 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 05:54:08 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 05:54:04 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 05:51:00 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Error: (07/31/2012 05:50:57 AM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Microsoft Office Sessions:
=========================
Error: (07/31/2012 04:01:12 AM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2012/07/31 04:01:12.500]: [00003268]: Initialize TwdsMain Class failed!

Error: (07/31/2012 04:01:12 AM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2012/07/31 04:01:12.500]: [00003268]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (07/26/2012 08:49:44 AM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (07/26/2012 04:23:44 AM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (07/26/2012 03:35:44 AM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (07/26/2012 03:14:10 AM) (Source: VSS)(User: )
Description: D:\00x8000ffff0x000000000x00000000

Error: (07/26/2012 02:39:46 AM) (Source: VSS)(User: )
Description: D:\00x8000ffff0x000000000x00000000

Error: (07/26/2012 01:40:17 AM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (07/25/2012 11:36:50 PM) (Source: VSS)(User: )
Description: D:\00x8000ffff0x000000000x00000000

Error: (07/25/2012 05:09:04 PM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 3325.75 MB
Available physical RAM: 724.98 MB
Total Pagefile: 6235.76 MB
Available Pagefile: 2434.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.38 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:147.72 GB) (Free:119.86 GB) NTFS
3 Drive d: () (Fixed) (Total:142.83 GB) (Free:127.22 GB) NTFS
4 Drive e: () (Fixed) (Total:175.22 GB) (Free:147.08 GB) NTFS
6 Drive g: (KINGSTON) (Removable) (Total:3.65 GB) (Free:0.17 GB) FAT32

========================= Users: ========================================

User accounts for \\EXOTIC-3C629299

Administrator Guest HelpAssistant 
Michelle SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


----------



## ep2002 (Oct 31, 2006)

And the bad news is...

Firefox has been stressing me out to no end.

Same issues as before:

1. CSS & images missing from the page.
2. I click on links either from a page or even from an e-mail & it won't load the link in the address bar.
3. I type in an URL & it won't load it. It will redirect to the URL that was there before.

Even Chrome is causing me problems. I click on a tab & it won't switch to that tab.

And to make matter worse, my mouse froze again several times. Twice it was so bad I thought I was going to have to do a cold reboot in fact I may have, I can't remember right now.

Remember it was the MB last time & we thought it was the graphics card. There's no way the MB could be broken, I just got it. 

I'm hoping it's not that & you can fix this.

It's getting so annoying (the browser issues) that I can't even trust what I see on the screen. I tell my website coder there's a problem & there isn't. The only way to get the page to show up correctly is to refresh it. Sometimes I have to refresh it several times.

And Fx is crashing at around 15-20 pages again, so whatever you did to fix it last time didn't hold.

I'm rebooting now.

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

With regards to Runscanner, it doesn't create a log after you run the fix. You have to rescan with it as you initially did 

-----------

Hmmm, well, lets firstly see if we can finally get rid of that proxy. Also, there was an interesting error message that popped up in the log, that 'could' be the cause of the problems.

So, the proxy first:

Re-run MiniToolBox, and add a checkmark the following checkboxes:


Flush DNS
Reset FF Proxy Settings
Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

*Note:* When using "Reset FF Proxy Settings" option Firefox should be closed.

------------------------

Do you use SimpleDNS? The reason I ask is it looks like you have server using that address. If you do, that's fine 

------------------------

I'm going to read up on the error as I need to check a few things on it first, but if you can do the above first, that would be great


----------



## eddie5659 (Mar 19, 2001)

One question I will ask: for hosting or the usage of the website you have, are you using a Server like Windows Server 2008 etc?


----------



## ep2002 (Oct 31, 2006)

Ok, here's this. No wonder my Fx closed down LOL

MiniToolBox by Farbar Version: 23-07-2012
Ran by Michelle (administrator) on 01-08-2012 at 18:23:00
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****


----------



## ep2002 (Oct 31, 2006)

Ran this again for you.

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : EXOTIC-3C629299
Creation time : 8/1/2012 6:28:59 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18702
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 3
RunScanner Version : 2.0.0.60
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
* C:\PROGRA~1\MICROS~3\rapimgr.exe (Microsoft Corporation)
* C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
* C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
* C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
* C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
* C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
* C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation)
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
* C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
C:\Program Files\Web Dimensions\ICCPro\ICCPro.exe
* C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
* C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
* C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
* D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
* D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
* C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
* C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\vssvc.exe (Microsoft Corporation)
* C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
* C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
* C:\Program Files\Online Armor\oahlp.exe (Emsi Software GmbH)
* C:\Program Files\Online Armor\OAsrv.exe (Emsi Software GmbH)
* C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
C:\WINDOWS\system32\HPZipm12.exe (HP)
* C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
* C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
* C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
* C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
C:\Program Files\VideoLAN\VLC\vlc.exe
* C:\WINDOWS\explorer.exe (Microsoft Corporation)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\smss.exe (Microsoft Corporation)
C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
* C:\PROGRA~1\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
* C:\PROGRA~1\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
* C:\PROGRA~1\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
* C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

Unrated items
-------------
002 * C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
002 * C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
002 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
002 C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
002 C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
002 C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
002 * D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
002 * C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
002 C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
002 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
002 * C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
002 C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
003 C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
003 * C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
003 * C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
003 * C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
004 C:\PROGRA~1\ERUNT\AUTOBACK.EXE
004 * C:\DOCUME~1\Michelle\APPLIC~1\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
005 C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE (Eastman Kodak Company)
005 C:\PROGRA~1\CRASHP~1\CRASHP~3.EXE (Code 42 Software, Inc.)
010 C:\WINDOWS\ATKKBService.exe (ATK Keyboard Service)
010 * C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Realtime Protection)
010 * C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Scheduler)
010 C:\Program Files\Browny02\BrYNSvc.exe (BrYNSvc)
010 C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan Backup Service)
010 * C:\Program Files\Java\jre7\bin\jqs.exe (Java Quick Starter)
010 * C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware)
010 * C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Maintenance Service)
010 * C:\Program Files\Online Armor\oasrv.exe (Online Armor)
010 * C:\Program Files\Online Armor\OAcat.exe (Online Armor Helper Service)
010 C:\WINDOWS\system32\HPZipm12.exe (Pml Driver HPZ12)
010 * C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service)
010 * C:\Program Files\Skype\Updater\Updater.exe (Skype Updater)
011 C:\WINDOWS\System32\Drivers\Video3D.sys (ASUS Video3D Service)
011 * C:\WINDOWS\system32\DRIVERS\avgntflt.sys (avgntflt)
011 * C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb)
011 * C:\WINDOWS\system32\DRIVERS\avkmgr.sys (avkmgr)
011 c:\windows\System32\Drivers\BANTExt.sys (Belarc SMBios Access)
011 * C:\Program Files\SystemRequirementsLab\cpudrv.sys (cpudrv)
011 C:\WINDOWS\system32\drivers\EIO.sys (EIO)
011 C:\WINDOWS\system32\drivers\atkkbnt.sys (Enhanced Display Driver Helper Service)
011 C:\WINDOWS\system32\GTNDIS5.SYS (GTNDIS5 NDIS Protocol Driver)
011 C:\WINDOWS\system32\DRIVERS\rt73.sys (Linksys Home Wireless-G USB Adapter Driver)
011 * C:\WINDOWS\system32\DRIVERS\lmimirr.sys (lmimirr)
011 * C:\WINDOWS\system32\drivers\mbam.sys (MBAMProtector)
011 * C:\WINDOWS\system32\drivers\OADriver.sys (OADriver)
011 * C:\WINDOWS\system32\drivers\OAmon.sys (OAmon)
011 * C:\WINDOWS\system32\drivers\OAnet.sys (OAnet)
011 * C:\WINDOWS\system32\drivers\oahlp32.sys (Online Armor helper driver)
011 * C:\WINDOWS\system32\DRIVERS\revoflt.sys (Revoflt)
011 C:\WINDOWS\system32\DRIVERS\tapvpn.sys (TAP VPN Adapter)
011 C:\WINDOWS\System32\Drivers\DgiVecp.sys (Team MFP Comm Driver)
011 c:\windows\system32\drivers\TrueSight.sys (TrueSight)
031 C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) {6318E0AB-2E93-11D1-B8ED-00608CC9A71F}
031 C:\Program Files\Common Files\Intuit\intu-res.dll {9CE7D474-16F9-4889-9BB9-53E2008EAE8A}
031 * C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) {91774881-D725-4E58-B298-07617B9B86A8}
047 Zone: exoticpublishing.com : https://exoticpublishing.com
050 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA45-8170-4859-9B5F-037EF2970034}
052 * C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) {E5A1691B-D188-4419-AD02-90002030B8EE}
052 * C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
052 * C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9}
052 * C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
061 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Advanced Micro Devices, Inc.) {5E2121EE-0300-11D4-8D3B-444553540000}
061 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll (Advanced Micro Devices, Inc.) {872A9397-E0D6-4e28-B64D-52B8D0A7EA35}
061 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {087B3AE3-E237-4467-B8DB-5A38AB959AC9}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {63542C48-9552-494A-84F7-73AA6A7C99C1}
061 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {3B092F0C-7696-40E3-A80F-68D74DA84210}
061 * C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll (VS Revo Group) {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
061 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\Program Files\SmartDraw 2010\SDThumbnail.dll {66F1DE40-D550-4119-9120-6592E3390623}
061 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
069 C:\WINDOWS\system32\fppmon3.dll (FinePrint Software, LLC)
069 C:\WINDOWS\system32\HpTcpMon.dll (Hewlett Packard)
069 C:\WINDOWS\system32\hpzsnt12.dll (HP)
069 * C:\WINDOWS\system32\novamnk6.dll (Softland)
073 DoxillionReminder.job : C:\Program Files\NCH Software\Doxillion\doxillion.exe (NCH Software)
100 ProxyOverride HKCU : local
104 * C:\WINDOWS\system32\RCMedia.dll (RingCentral, Inc.) {CF25C291-E91C-11D3-873F-0000B4A2973D}
105 Add to &Evernote : res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
173 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
173 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
173 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
173 C:\WINDOWS\system32\shellwp.dll (Corel Corporation Limited)
221 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
221 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
221 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\WINDOWS\system32\shellwp.dll (Corel Corporation Limited)
223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
225 * C:\PROGRA~1\ONLINE~2\oaevent.dll (Emsi Software GmbH) {4F07DA46-8170-4859-9B5F-037EF2970034}
225 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}
225 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}
225 * C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll (VS Revo Group) {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
225 * C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll (VS Revo Group) {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
225 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 * C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Avira Operations GmbH & Co. KG) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
225 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}
227 C:\Program Files\Ultra Tag Editor\TagEditorMenu.dll (Atelio Software, Inc.) {1CAA0E93-2376-43B5-B795-1AA831864E59}
227 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll (Advanced Micro Devices, Inc.) {5E2121EE-0300-11D4-8D3B-444553540000}
231 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org) OpenOffice.org Column Handler
251 C:\Program Files\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
253 C:\Corel\Suite8\Programs\PFSE80.DLL (Novell, Inc.) {C0E10002-0028-0001-C0E1-C0E1C0E1C0E1}


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Do you use SimpleDNS? The reason I ask is it looks like you have server using that address. If you do, that's fine


Really I don't know why I would be running a program like that.

If I needed to know the IP address of a domain, I would just look it up online once. I don't do that sort of task ever really. Maybe once I looked it if the firewall called attention to it.

Maybe it came with some software I purchased, but I'd rather be safe & delete it since I don't know one way or another.

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> One question I will ask: for hosting or the usage of the website you have, are you using a Server like Windows Server 2008 etc?


You mean all my sites?

It's shared hosting & no, I don't use MS garbage, only Apache.

HTH

Michelle


----------



## eddie5659 (Mar 19, 2001)

When you re-ran RunScanner, did you also get a new RSReport file? If so, can you upload that as well 

---------

Can you re-run MiniToolBox and this time just select the following checkboxes:


Report FF Proxy Settings
List last 10 Event Viewer log

and post the log

-------------------

Also, can you re-run OTL just to get the basic log, so that we can see if we can see if everything has gone, and sort out the SimpleDNS bit. Only the one log will be produced.


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> When you re-ran RunScanner, did you also get a new RSReport file? If so, can you upload that as well


No, I'm pretty sure I would have given it to you if something popped up after the scan.

---------



eddie5659 said:


> Can you re-run MiniToolBox and this time just select the following checkboxes:
> 
> 
> Report FF Proxy Settings
> List last 10 Event Viewer log


It says List last 10 Event Viewer Errors, not log. I hope that's the same thing.

Michelle


----------



## ep2002 (Oct 31, 2006)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Michelle (administrator) on 06-08-2012 at 01:14:25
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= FF Proxy Settings:

==============================

========================= Event log errors:

===============================

Application errors:
==================
Error: (08/06/2012 00:39:57 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot

be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details:

Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (08/05/2012 04:47:29 AM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0,

faulting module dbghelp.dll, version 5.1.2600.5512, fault address

0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (08/05/2012 04:46:56 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512,

faulting module msvcr80.dll, version 8.0.50727.6195, fault address

0x000174a0.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/03/2012 07:55:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot

be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details:

Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (08/03/2012 05:13:31 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot

be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details:

Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (08/02/2012 01:50:52 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2012/08/02 13:50:52.984]: [00003124]:

Initialize TwdsMain Class failed!

Error: (08/02/2012 01:50:52 PM) (Source: Brother BrLog) (User: )
Description: TWN BrtTWN: [2012/08/02 13:50:52.984]: [00003124]:

##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/02/2012 01:07:01 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot

be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details:

Flush[0x8000ffff], Release[0x00000000], OnRun[0x00000000].

Error: (08/02/2012 00:42:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot

be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details:

Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

Error: (08/02/2012 00:07:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot

be flushed during the shadow copy creation period on volume D:\.
The volume index in the shadow copy set is 0. Error details:

Flush[0x00000000], Release[0x00000000], OnRun[0x8000ffff].

System errors:
=============
Error: (08/06/2012 00:38:57 AM) (Source: 0) (User: )
Description: C:

Error: (08/06/2012 00:38:57 AM) (Source: 0) (User: )
Description: E:

Error: (08/06/2012 00:37:57 AM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

Kingston DT 101 G2 USB Device.

Error: (08/06/2012 00:37:55 AM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

Kingston DT 101 G2 USB Device.

Error: (08/06/2012 00:37:55 AM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

OLYMPUS DVR USB Device.

Error: (08/06/2012 00:37:54 AM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

OLYMPUS DVR USB Device.

Error: (08/05/2012 08:47:36 PM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

OLYMPUS DVR USB Device.

Error: (08/05/2012 08:47:33 PM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

OLYMPUS DVR USB Device.

Error: (08/05/2012 08:47:33 PM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

Kingston DT 101 G2 USB Device.

Error: (08/05/2012 08:47:32 PM) (Source: Removable Storage Service)

(User: )
Description: RSM could not load media in drive Drive 0 of library

Kingston DT 101 G2 USB Device.

Microsoft Office Sessions:
=========================
Error: (08/06/2012 00:39:57 AM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (08/05/2012 04:47:29 AM) (Source: Application Error)(User: )
Description:

drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (08/05/2012 04:46:56 AM) (Source: Application Error)(User: )
Description:

explorer.exe6.0.2900.5512msvcr80.dll8.0.50727.6195000174a0

Error: (08/03/2012 07:55:30 PM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (08/03/2012 05:13:31 PM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (08/02/2012 01:50:52 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2012/08/02 13:50:52.984]: [00003124]:

Initialize TwdsMain Class failed!

Error: (08/02/2012 01:50:52 PM) (Source: Brother BrLog)(User: )
Description: TWNBrtTWN: [2012/08/02 13:50:52.984]: [00003124]:

##### Fatal ERROR!! Create STI-device failed! #####

Error: (08/02/2012 01:07:01 PM) (Source: VSS)(User: )
Description: D:\00x8000ffff0x000000000x00000000

Error: (08/02/2012 00:42:50 PM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

Error: (08/02/2012 00:07:43 AM) (Source: VSS)(User: )
Description: D:\00x000000000x000000000x8000ffff

**** End of log ****


----------



## ep2002 (Oct 31, 2006)

OTL logfile created on: 8/6/2012 3:21:37 AM - Run 8
OTL by OldTimer - Version 3.2.53.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 8.31% Memory free
6.09 Gb Paging File | 2.73 Gb Available in Paging File | 44.80% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 119.24 Gb Free Space | 80.72% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 127.18 Gb Free Space | 89.04% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 147.82 Gb Free Space | 84.37% Space Free | Partition Type: NTFS
Drive H: | 499.75 Mb Total Space | 68.06 Mb Free Space | 13.62% Space Free | Partition Type: FAT

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 23:36:16 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/07/19 22:00:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/18 03:11:38 | 000,400,352 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/07/13 07:06:00 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/11 13:48:02 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2012/07/11 13:47:39 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/07/11 00:00:18 | 002,346,592 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012/07/10 23:59:45 | 004,382,968 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAsrv.exe
PRC - [2012/07/10 23:58:16 | 001,168,296 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012/07/10 23:58:03 | 000,210,920 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/07/04 20:36:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/27 16:23:00 | 000,108,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/10/19 15:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 15:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/02/09 15:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2008/01/31 12:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/01 02:06:35 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/30 23:36:14 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/30 23:36:13 | 012,235,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/30 23:36:12 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/30 23:34:57 | 000,526,872 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\libglesv2.dll
MOD - [2012/07/30 23:34:55 | 000,104,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\libegl.dll
MOD - [2012/07/30 23:34:45 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/30 23:34:43 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/30 23:34:42 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2012/07/19 22:00:08 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/18 03:11:42 | 001,936,352 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012/07/18 03:11:42 | 000,162,784 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/07/18 03:11:42 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/07/11 13:47:43 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/07/11 13:47:39 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/06/27 16:23:28 | 002,285,056 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2012/06/27 16:23:26 | 011,603,968 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2012/06/27 16:23:24 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2012/06/27 16:23:24 | 000,049,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/06/27 16:23:22 | 001,868,288 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2012/06/27 16:23:22 | 001,719,296 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,386,560 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,185,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,043,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,043,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,042,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,040,448 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2012/06/27 16:23:22 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2012/06/27 16:23:20 | 010,292,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2012/06/27 16:23:20 | 001,318,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2012/06/27 16:23:20 | 000,372,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2012/06/27 16:23:20 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2012/06/27 16:23:18 | 000,263,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
MOD - [2012/06/27 16:23:18 | 000,154,624 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2012/06/27 16:23:18 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2012/06/27 16:23:18 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2012/06/27 16:23:18 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2012/06/27 16:23:18 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2012/06/27 16:23:16 | 000,194,048 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll
MOD - [2012/06/27 16:23:16 | 000,034,816 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,428,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,310,784 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,182,272 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,068,608 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2012/06/27 16:23:14 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2012/06/27 16:23:12 | 001,518,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2012/06/27 16:23:12 | 001,316,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,135,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,035,328 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2012/06/27 16:23:12 | 000,034,816 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2012/06/27 16:23:10 | 001,235,456 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2012/06/27 16:23:10 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,698,368 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,077,824 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,056,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,042,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,041,984 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2012/06/27 16:23:08 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2012/06/27 16:23:06 | 000,139,264 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2012/06/27 16:23:06 | 000,070,144 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2012/06/27 16:23:06 | 000,070,144 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2012/06/27 16:23:06 | 000,052,736 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2012/06/27 16:23:06 | 000,050,688 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,258,560 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,248,832 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,219,648 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,093,696 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,091,136 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,083,968 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,079,360 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,047,616 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,043,520 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2012/06/27 16:23:04 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2012/06/27 16:23:02 | 000,724,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2012/06/27 16:23:02 | 000,440,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2012/06/27 16:23:02 | 000,198,656 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2012/06/27 16:23:02 | 000,106,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2012/06/27 16:23:02 | 000,092,160 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2012/06/27 16:23:02 | 000,073,728 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
MOD - [2012/06/27 16:23:00 | 000,111,616 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2012/06/27 16:23:00 | 000,108,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
MOD - [2012/06/27 16:23:00 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
MOD - [2012/06/26 23:26:07 | 000,970,240 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/06/14 23:08:56 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 21:03:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 21:02:50 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 21:00:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 18:25:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 18:25:04 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 18:11:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 18:10:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 18:10:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/14 21:45:52 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/19 15:56:38 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/26 15:45:08 | 000,024,912 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\Wordcnvpxy.cnv
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 16:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2004/10/11 09:19:00 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\ASUSASV2.DLL
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/19 22:00:09 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/13 07:06:00 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/11 13:48:02 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2012/07/10 23:59:45 | 004,382,968 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/07/10 23:58:03 | 000,210,920 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - [2012/07/11 00:01:14 | 000,031,912 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/07/10 23:58:52 | 000,027,632 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/07/10 23:58:38 | 000,044,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/07/10 23:58:04 | 000,208,312 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/09 04:58:16 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 15:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 15:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://srp.freecause.com/?ourmark=3&sid=100311&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 22:00:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 17:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/04 18:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
[2012/07/10 22:31:14 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/06/04 01:56:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/08/04 18:54:40 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:27 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:08 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/26 23:26:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\chrome
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\defaults
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\chrome
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\defaults
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/07/13 06:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/20 20:39:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
[2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHELLE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VC1PO946.DEFAULT\EXTENSIONS\[email protected]
[2012/07/19 22:00:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2012/06/16 23:28:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/16 23:28:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.11_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKCU..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKCU\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 17:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CrashPlan
[2012/07/30 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\CrashPlan
[2012/07/26 18:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2012/07/26 18:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/07/26 18:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/07/25 21:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Application Data\Runscanner.net
[2012/07/15 21:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
[2012/07/15 16:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michelle\Local Settings\Application Data\Sun
[2012/07/13 07:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/13 07:06:25 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/13 07:06:25 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/13 07:06:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/13 07:06:12 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/08/06 03:47:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/08/06 03:37:05 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/08/06 03:06:03 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 23:38:16 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/05 20:08:52 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/05 10:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 05:37:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/08/05 05:22:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/05 05:11:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/01 20:09:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/08/01 07:32:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/01 02:06:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/01 02:06:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/26 18:45:31 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/07/15 21:20:23 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/07/15 02:57:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/07/13 07:05:59 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/07/13 07:05:59 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/07/13 07:05:59 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/07/13 07:05:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/07/13 07:05:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/07/13 07:05:59 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/07/13 06:56:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/13 06:56:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 00:37:47 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 22:20:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 00:01:14 | 000,031,912 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2012/07/10 23:58:52 | 000,027,632 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2012/07/10 23:58:38 | 000,044,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/07/10 23:58:04 | 000,208,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys

========== Files Created - No Company Name ==========

[2012/07/26 18:45:31 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/07/15 21:20:23 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
[2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,208,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,044,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
[2008/08/03 22:38:23 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >


----------



## ep2002 (Oct 31, 2006)

Hi there,

Damm, still having huge problems with Fx loading the page.

Does OTL shut off the cookies b/c G is now warning me:

We've detected a problem with your cookie settings.

Enable cookies
Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions.

Clear cache and cookies
If you have cookies enabled but are still having trouble, clear your browser's cache and cookies.

Adjust your privacy settings
If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add www.google.com to your list of allowed sites. Learn more


----------



## eddie5659 (Mar 19, 2001)

Looks like the proxy in Firefox has finally gone :up:

OTL doesn't change any cookie settings, is the Google message in Firefox, or another browser?

------------

I need to look at some settings that is bringing the error message up. So, can you do the following for me.

Go to Start | Programs | Accessories.

In there, look for *Command Prompt*.

Right-click on it and select *Run as Administrator.

(if it doesn't have the option, as I'm not certain with XP, then just open it as normal by clicking on it)

In there, type the following:

vssadmin list shadowstorage










And press Enter:










Now, when the details are there, you need to copy/paste them here. To do that, right-click inside the window and click on Select All










Then, when its all highlighted:










On your keyboard, press Ctrl then C and it will copy it.

In your reply here, right-click and select Paste, and it will be as a log *


----------



## ep2002 (Oct 31, 2006)

I had another cookie issue the next day & I think that was in Fx. First time around it was in Chrome.

Here you go & no, I guess in XP there is no run admin option.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Michelle>vssadmin list shadowstorage
vssadmin 1.0 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.

Usage:

vssadmin list shadows [/set={shadow copy set guid}]
Lists all shadow copies in the system, grouped by shadow copy set Id.

vssadmin list writers
Lists all writers in the system

vssadmin list providers
Lists all currently installed shadow copy providers

C:\Documents and Settings\Michelle>

I turned off Online Armor as someone gave me this page & it said it could be the firewall, but it didn't help. I think it's better, but I was still getting pages I had to refresh over & over again to get it to load & I'm still clicking links that don't bring up the address in the address bar.

http://kb.mozillazine.org/Error_loading_websites

Hope you are doing well 

Michelle


----------



## ep2002 (Oct 31, 2006)

Got this error when I went to my computer after it had been sitting for a while. I guess Fx crashed at the same time.

http://i972.photobucket.com/albums/ae209/michellek2010/MemoryIssue.jpg

Michelle


----------



## eddie5659 (Mar 19, 2001)

The plugin container is linked to Firefox and sometimes Flash. There has been some instabilities with the latest flash update, so it may be that. However, looking at that picture you posted made me look at the taskbar near your clock. You have a lot running there, so we can see if trimmimg them down may help.

---------

For the error loading websites link, have you tried any of the fixes offered in the link? I see it does have a few subsections, one for only Mozilla, and one for all programs. I'm guessing its all programs, but correct me if I'm wrong.

----------

The following is a list of all that you have running at startup. For those interested, its the 04 entries. The more you have, the slower your bootup to Windows will be, and you may have problems online, like slowness etc. I've put some explanation on what they are, in case you're curious.

Don't worry, you're not uninstalling these, just preventing them loading at startup

================

BrStsMon00 - Related to Brother Industries, Ltd. Brother MFC printer application.
ControlCenter3 - Related to Brother Brother scanner 'Control Center' application; can be started manually.
StartCCC - Related to ATI Technologies Inc. Puts the ATI Catalyst Control Center Icon/Shortcut on the System Tray.
Wondershare Helper Compact.exe - Related to Wondershare Wondershare Helper Compact software applications.
Messenger (Yahoo!) - Related to Yahoo! Messenger.
Personal Assistant - Related to Shelltoys Day Planner and Personal Information Manager.

=================

Go to Start | Run and type MSCONFIG, and click OK. Startup tab. Untick the ones that are above, Apply and Restart. When Windows loads back up, you will have a popup box saying that the startup has been changed. Tick the little box to not appear again, and OK.

---------------

Now one item i didn't pop in there is this:

O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

This basically backs your registry up each time you boot. I wonder if this is the cause for the error, as the log you posted from the 'vssadmin list shadowstorage' didn't show anything.

Normally, people run Erunt when they're about to make a change to the registry, as a failsafe in case something goes wrong. However, you have this running everytime you log into Windows. If you have both System Restore and Erunt running, this may cause the slowness.

So, to see what we have, can you do this for me. Not sure if you still have SystemLook, but just in case you don't, can you do the following:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
C:\Windows\ERDNT /sub
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

If its very large, then attach it instead.

eddie


----------



## ep2002 (Oct 31, 2006)

Ok, first things first:

1. I don't know the short codes for the entries you want me to stop on startup. The last 2 I need on startup as I use them frequently. The rest can go.

Here are SSs for what I'm seeing in the startup area.

http://i972.photobucket.com/albums/ae209/michellek2010/StartupEntries.jpg
http://i972.photobucket.com/albums/ae209/michellek2010/StartupEntries2.jpg
http://i972.photobucket.com/albums/ae209/michellek2010/StartupEntries3.jpg

Also another quick question.

I have to do a lot of SSs & pasting them into Paint & I never save the images in the default paint area. Can I configure it so paint always points to a different folder where I save all my SSs?

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

SystemLook 30.07.11 by jpshortstuff
Log created at 17:57 on 13/08/2012 by Michelle
Administrator - Elevation successful

========== dir ==========

C:\Windows\ERDNT - Parameters: "/sub"

---Files---
None found.

C:\Windows\ERDNT\3-27-2011	d----c-	[16:58 27/03/2011]
default	--a--c- 3612672 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]
ERDNT.CON	--a--c- 673 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]
ERDNT.EXE	--a--c- 163328 bytes	[16:58 27/03/2011]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]
ERDNTDOS.LOC	--a--c- 2815 bytes	[16:58 27/03/2011]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[16:58 27/03/2011]	[07:09 25/09/2002]
SAM	--a--c- 24576 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]
SECURITY	--a--c- 57344 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]
software	--a--c- 36282368 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]
system	--a--c- 6455296 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]

C:\Windows\ERDNT\3-27-2011\Users	d----c-	[16:58 27/03/2011]

C:\Windows\ERDNT\3-27-2011\Users\00000001	d----c-	[16:58 27/03/2011]
ntuser.dat	--a--c- 11128832 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]

C:\Windows\ERDNT\3-27-2011\Users\00000002	d----c-	[16:58 27/03/2011]
UsrClass.dat	--a--c- 241664 bytes	[16:58 27/03/2011]	[16:58 27/03/2011]

C:\Windows\ERDNT\3-30-2011	d----c-	[04:57 30/03/2011]
default	--a--c- 3612672 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]
ERDNT.CON	--a--c- 673 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]
ERDNT.EXE	--a--c- 163328 bytes	[04:57 30/03/2011]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]
ERDNTDOS.LOC	--a--c- 2815 bytes	[04:57 30/03/2011]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[04:57 30/03/2011]	[07:09 25/09/2002]
SAM	--a--c- 24576 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]
SECURITY	--a--c- 57344 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]
software	--a--c- 36282368 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]
system	--a--c- 6455296 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]

C:\Windows\ERDNT\3-30-2011\Users	d----c-	[04:57 30/03/2011]

C:\Windows\ERDNT\3-30-2011\Users\00000001	d----c-	[04:57 30/03/2011]
ntuser.dat	--a--c- 11128832 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]

C:\Windows\ERDNT\3-30-2011\Users\00000002	d----c-	[04:57 30/03/2011]
UsrClass.dat	--a--c- 241664 bytes	[04:57 30/03/2011]	[04:57 30/03/2011]

C:\Windows\ERDNT\4-3-2011	d----c-	[07:47 03/04/2011]
default	--a--c- 3612672 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]
ERDNT.CON	--a--c- 673 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]
ERDNT.EXE	--a--c- 163328 bytes	[07:47 03/04/2011]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]
ERDNTDOS.LOC	--a--c- 2815 bytes	[07:47 03/04/2011]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[07:47 03/04/2011]	[07:09 25/09/2002]
SAM	--a--c- 24576 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]
SECURITY	--a--c- 57344 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]
software	--a--c- 36282368 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]
system	--a--c- 6471680 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]

C:\Windows\ERDNT\4-3-2011\Users	d----c-	[07:47 03/04/2011]

C:\Windows\ERDNT\4-3-2011\Users\00000001	d----c-	[07:47 03/04/2011]
ntuser.dat	--a--c- 11128832 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]

C:\Windows\ERDNT\4-3-2011\Users\00000002	d----c-	[07:47 03/04/2011]
UsrClass.dat	--a--c- 245760 bytes	[07:47 03/04/2011]	[07:47 03/04/2011]

C:\Windows\ERDNT\AutoBackup	d----c-	[09:14 06/03/2010]

C:\Windows\ERDNT\AutoBackup\3-31-2012	d----c-	[06:57 31/03/2012]
default	--a--c- 3616768 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]
ERDNT.CON	--a--c- 673 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]
ERDNT.EXE	--a--c- 163328 bytes	[06:57 31/03/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[06:57 31/03/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[06:57 31/03/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]
SECURITY	--a--c- 57344 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]
software	--a--c- 38400000 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]
system	--a--c- 8642560 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]

C:\Windows\ERDNT\AutoBackup\3-31-2012\Users	d----c-	[06:57 31/03/2012]

C:\Windows\ERDNT\AutoBackup\3-31-2012\Users\00000001	d----c-	[06:57 31/03/2012]
ntuser.dat	--a--c- 11960320 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]

C:\Windows\ERDNT\AutoBackup\3-31-2012\Users\00000002	d----c-	[06:57 31/03/2012]
UsrClass.dat	--a--c- 450560 bytes	[06:57 31/03/2012]	[06:57 31/03/2012]

C:\Windows\ERDNT\AutoBackup\4-11-2012	d----c-	[04:41 12/04/2012]
default	--a--c- 3616768 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]
ERDNT.CON	--a--c- 673 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]
ERDNT.EXE	--a--c- 163328 bytes	[04:41 12/04/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[04:41 12/04/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[04:41 12/04/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]
SECURITY	--a--c- 57344 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]
software	--a--c- 38400000 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]
system	--a--c- 8675328 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-11-2012\Users	d----c-	[04:41 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-11-2012\Users\00000001	d----c-	[04:41 12/04/2012]
ntuser.dat	--a--c- 11980800 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-11-2012\Users\00000002	d----c-	[04:41 12/04/2012]
UsrClass.dat	--a--c- 450560 bytes	[04:41 12/04/2012]	[04:41 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-12-2012	d----c-	[09:14 12/04/2012]
default	--a--c- 3616768 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]
ERDNT.CON	--a--c- 673 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]
ERDNT.EXE	--a--c- 163328 bytes	[09:14 12/04/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[09:14 12/04/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[09:14 12/04/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]
SECURITY	--a--c- 57344 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]
software	--a--c- 38400000 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]
system	--a--c- 8679424 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-12-2012\Users	d----c-	[09:14 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-12-2012\Users\00000001	d----c-	[09:14 12/04/2012]
ntuser.dat	--a--c- 11980800 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-12-2012\Users\00000002	d----c-	[09:14 12/04/2012]
UsrClass.dat	--a--c- 450560 bytes	[09:14 12/04/2012]	[09:14 12/04/2012]

C:\Windows\ERDNT\AutoBackup\4-24-2012	d----c-	[05:53 25/04/2012]
default	--a--c- 3616768 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]
ERDNT.CON	--a--c- 673 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]
ERDNT.EXE	--a--c- 163328 bytes	[05:53 25/04/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[05:53 25/04/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[05:53 25/04/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]
SECURITY	--a--c- 57344 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]
software	--a--c- 38449152 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]
system	--a--c- 8744960 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]

C:\Windows\ERDNT\AutoBackup\4-24-2012\Users	d----c-	[05:53 25/04/2012]

C:\Windows\ERDNT\AutoBackup\4-24-2012\Users\00000001	d----c-	[05:53 25/04/2012]
ntuser.dat	--a--c- 12099584 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]

C:\Windows\ERDNT\AutoBackup\4-24-2012\Users\00000002	d----c-	[05:53 25/04/2012]
UsrClass.dat	--a--c- 450560 bytes	[05:53 25/04/2012]	[05:53 25/04/2012]

C:\Windows\ERDNT\AutoBackup\4-6-2012	d----c-	[12:48 06/04/2012]
default	--a--c- 3616768 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]
ERDNT.CON	--a--c- 673 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]
ERDNT.EXE	--a--c- 163328 bytes	[12:48 06/04/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[12:48 06/04/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[12:48 06/04/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]
SECURITY	--a--c- 57344 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]
software	--a--c- 38400000 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]
system	--a--c- 8671232 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]

C:\Windows\ERDNT\AutoBackup\4-6-2012\Users	d----c-	[12:48 06/04/2012]

C:\Windows\ERDNT\AutoBackup\4-6-2012\Users\00000001	d----c-	[12:48 06/04/2012]
ntuser.dat	--a--c- 11980800 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]

C:\Windows\ERDNT\AutoBackup\4-6-2012\Users\00000002	d----c-	[12:48 06/04/2012]
UsrClass.dat	--a--c- 450560 bytes	[12:48 06/04/2012]	[12:48 06/04/2012]

C:\Windows\ERDNT\AutoBackup\5-12-2012	d----c-	[00:20 13/05/2012]
default	--a--c- 3616768 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]
ERDNT.CON	--a--c- 673 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]
ERDNT.EXE	--a--c- 163328 bytes	[00:20 13/05/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[00:20 13/05/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[00:20 13/05/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]
SECURITY	--a--c- 57344 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]
software	--a--c- 38461440 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]
system	--a--c- 8744960 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]

C:\Windows\ERDNT\AutoBackup\5-12-2012\Users	d----c-	[00:20 13/05/2012]

C:\Windows\ERDNT\AutoBackup\5-12-2012\Users\00000001	d----c-	[00:20 13/05/2012]
ntuser.dat	--a--c- 12201984 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]

C:\Windows\ERDNT\AutoBackup\5-12-2012\Users\00000002	d----c-	[00:20 13/05/2012]
UsrClass.dat	--a--c- 450560 bytes	[00:20 13/05/2012]	[00:20 13/05/2012]

C:\Windows\ERDNT\AutoBackup\5-26-2012	d----c-	[08:12 26/05/2012]
default	--a--c- 3616768 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]
ERDNT.CON	--a--c- 673 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]
ERDNT.EXE	--a--c- 163328 bytes	[08:12 26/05/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[08:12 26/05/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[08:12 26/05/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]
SECURITY	--a--c- 57344 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]
software	--a--c- 38449152 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]
system	--a--c- 8744960 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]

C:\Windows\ERDNT\AutoBackup\5-26-2012\Users	d----c-	[08:12 26/05/2012]

C:\Windows\ERDNT\AutoBackup\5-26-2012\Users\00000001	d----c-	[08:12 26/05/2012]
ntuser.dat	--a--c- 12197888 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]

C:\Windows\ERDNT\AutoBackup\5-26-2012\Users\00000002	d----c-	[08:12 26/05/2012]
UsrClass.dat	--a--c- 450560 bytes	[08:12 26/05/2012]	[08:12 26/05/2012]

C:\Windows\ERDNT\AutoBackup\5-28-2012	d----c-	[04:39 29/05/2012]
default	--a--c- 3616768 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]
ERDNT.CON	--a--c- 673 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]
ERDNT.EXE	--a--c- 163328 bytes	[04:39 29/05/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[04:39 29/05/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[04:39 29/05/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]
SECURITY	--a--c- 57344 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]
software	--a--c- 38449152 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]
system	--a--c- 8744960 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]

C:\Windows\ERDNT\AutoBackup\5-28-2012\Users	d----c-	[04:39 29/05/2012]

C:\Windows\ERDNT\AutoBackup\5-28-2012\Users\00000001	d----c-	[04:39 29/05/2012]
ntuser.dat	--a--c- 12197888 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]

C:\Windows\ERDNT\AutoBackup\5-28-2012\Users\00000002	d----c-	[04:39 29/05/2012]
UsrClass.dat	--a--c- 450560 bytes	[04:39 29/05/2012]	[04:39 29/05/2012]

C:\Windows\ERDNT\AutoBackup\5-8-2012	d----c-	[20:49 08/05/2012]
default	--a--c- 3616768 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]
ERDNT.CON	--a--c- 673 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]
ERDNT.EXE	--a--c- 163328 bytes	[20:49 08/05/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[20:49 08/05/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[20:49 08/05/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]
SECURITY	--a--c- 57344 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]
software	--a--c- 38449152 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]
system	--a--c- 8744960 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]

C:\Windows\ERDNT\AutoBackup\5-8-2012\Users	d----c-	[20:49 08/05/2012]

C:\Windows\ERDNT\AutoBackup\5-8-2012\Users\00000001	d----c-	[20:49 08/05/2012]
ntuser.dat	--a--c- 12185600 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]

C:\Windows\ERDNT\AutoBackup\5-8-2012\Users\00000002	d----c-	[20:49 08/05/2012]
UsrClass.dat	--a--c- 450560 bytes	[20:49 08/05/2012]	[20:49 08/05/2012]

C:\Windows\ERDNT\AutoBackup\6-1-2012	d----c-	[07:34 01/06/2012]
default	--a--c- 3616768 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]
ERDNT.CON	--a--c- 673 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[07:34 01/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[07:34 01/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[07:34 01/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]
SECURITY	--a--c- 57344 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]
software	--a--c- 38449152 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]
system	--a--c- 8744960 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]

C:\Windows\ERDNT\AutoBackup\6-1-2012\Users	d----c-	[07:34 01/06/2012]

C:\Windows\ERDNT\AutoBackup\6-1-2012\Users\00000001	d----c-	[07:34 01/06/2012]
ntuser.dat	--a--c- 12197888 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]

C:\Windows\ERDNT\AutoBackup\6-1-2012\Users\00000002	d----c-	[07:34 01/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[07:34 01/06/2012]	[07:34 01/06/2012]

C:\Windows\ERDNT\AutoBackup\6-11-2012	d----c-	[04:02 12/06/2012]
default	--a--c- 3616768 bytes	[04:03 12/06/2012]	[04:03 12/06/2012]
ERDNT.CON	--a--c- 673 bytes	[04:02 12/06/2012]	[04:03 12/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[04:03 12/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[04:02 12/06/2012]	[04:03 12/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[04:03 12/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[04:03 12/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[04:03 12/06/2012]	[04:03 12/06/2012]
SECURITY	--a--c- 57344 bytes	[04:02 12/06/2012]	[04:02 12/06/2012]
software	--a--c- 38518784 bytes	[04:02 12/06/2012]	[04:02 12/06/2012]
system	--a--c- 8744960 bytes	[04:02 12/06/2012]	[04:03 12/06/2012]

C:\Windows\ERDNT\AutoBackup\6-11-2012\Users	d----c-	[04:03 12/06/2012]

C:\Windows\ERDNT\AutoBackup\6-11-2012\Users\00000001	d----c-	[04:03 12/06/2012]
ntuser.dat	--a--c- 12238848 bytes	[04:03 12/06/2012]	[04:03 12/06/2012]

C:\Windows\ERDNT\AutoBackup\6-11-2012\Users\00000002	d----c-	[04:03 12/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[04:03 12/06/2012]	[04:03 12/06/2012]

C:\Windows\ERDNT\AutoBackup\6-14-2012	d----c-	[17:37 14/06/2012]
default	--a--c- 3616768 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]
ERDNT.CON	--a--c- 673 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[17:37 14/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[17:37 14/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[17:37 14/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]
SECURITY	--a--c- 57344 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]
software	--a--c- 38518784 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]
system	--a--c- 8744960 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]

C:\Windows\ERDNT\AutoBackup\6-14-2012\Users	d----c-	[17:37 14/06/2012]

C:\Windows\ERDNT\AutoBackup\6-14-2012\Users\00000001	d----c-	[17:37 14/06/2012]
ntuser.dat	--a--c- 12251136 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]

C:\Windows\ERDNT\AutoBackup\6-14-2012\Users\00000002	d----c-	[17:37 14/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[17:37 14/06/2012]	[17:37 14/06/2012]

C:\Windows\ERDNT\AutoBackup\6-15-2012	d----c-	[07:52 15/06/2012]
default	--a--c- 3616768 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]
ERDNT.CON	--a--c- 673 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[07:52 15/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[07:52 15/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[07:52 15/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]
SECURITY	--a--c- 57344 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]
software	--a--c- 38535168 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]
system	--a--c- 8744960 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]

C:\Windows\ERDNT\AutoBackup\6-15-2012\Users	d----c-	[07:52 15/06/2012]

C:\Windows\ERDNT\AutoBackup\6-15-2012\Users\00000001	d----c-	[07:52 15/06/2012]
ntuser.dat	--a--c- 12259328 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]

C:\Windows\ERDNT\AutoBackup\6-15-2012\Users\00000002	d----c-	[07:52 15/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[07:52 15/06/2012]	[07:52 15/06/2012]

C:\Windows\ERDNT\AutoBackup\6-19-2012	d----c-	[04:23 20/06/2012]
default	--a--c- 3616768 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]
ERDNT.CON	--a--c- 673 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[04:23 20/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[04:23 20/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[04:23 20/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]
SECURITY	--a--c- 57344 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]
software	--a--c- 38576128 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]
system	--a--c- 8749056 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]

C:\Windows\ERDNT\AutoBackup\6-19-2012\Users	d----c-	[04:23 20/06/2012]

C:\Windows\ERDNT\AutoBackup\6-19-2012\Users\00000001	d----c-	[04:23 20/06/2012]
ntuser.dat	--a--c- 12296192 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]

C:\Windows\ERDNT\AutoBackup\6-19-2012\Users\00000002	d----c-	[04:23 20/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[04:23 20/06/2012]	[04:23 20/06/2012]

C:\Windows\ERDNT\AutoBackup\6-30-2012	d----c-	[21:27 30/06/2012]
default	--a--c- 3620864 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]
ERDNT.CON	--a--c- 673 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[21:27 30/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[21:27 30/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[21:27 30/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]
SECURITY	--a--c- 57344 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]
software	--a--c- 38711296 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]
system	--a--c- 8744960 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]

C:\Windows\ERDNT\AutoBackup\6-30-2012\Users	d----c-	[21:27 30/06/2012]

C:\Windows\ERDNT\AutoBackup\6-30-2012\Users\00000001	d----c-	[21:27 30/06/2012]
ntuser.dat	--a--c- 12394496 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]

C:\Windows\ERDNT\AutoBackup\6-30-2012\Users\00000002	d----c-	[21:27 30/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[21:27 30/06/2012]	[21:27 30/06/2012]

C:\Windows\ERDNT\AutoBackup\6-4-2012	d----c-	[21:05 04/06/2012]
default	--a--c- 3616768 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]
ERDNT.CON	--a--c- 673 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[21:05 04/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[21:05 04/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[21:05 04/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]
SECURITY	--a--c- 57344 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]
software	--a--c- 38449152 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]
system	--a--c- 8744960 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]

C:\Windows\ERDNT\AutoBackup\6-4-2012\Users	d----c-	[21:05 04/06/2012]

C:\Windows\ERDNT\AutoBackup\6-4-2012\Users\00000001	d----c-	[21:05 04/06/2012]
ntuser.dat	--a--c- 12206080 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]

C:\Windows\ERDNT\AutoBackup\6-4-2012\Users\00000002	d----c-	[21:05 04/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[21:05 04/06/2012]	[21:05 04/06/2012]

C:\Windows\ERDNT\AutoBackup\6-8-2012	d----c-	[08:44 08/06/2012]
default	--a--c- 3616768 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]
ERDNT.CON	--a--c- 673 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]
ERDNT.EXE	--a--c- 163328 bytes	[08:44 08/06/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[08:44 08/06/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[08:44 08/06/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]
SECURITY	--a--c- 57344 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]
software	--a--c- 38518784 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]
system	--a--c- 8744960 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]

C:\Windows\ERDNT\AutoBackup\6-8-2012\Users	d----c-	[08:44 08/06/2012]

C:\Windows\ERDNT\AutoBackup\6-8-2012\Users\00000001	d----c-	[08:44 08/06/2012]
ntuser.dat	--a--c- 12230656 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]

C:\Windows\ERDNT\AutoBackup\6-8-2012\Users\00000002	d----c-	[08:44 08/06/2012]
UsrClass.dat	--a--c- 450560 bytes	[08:44 08/06/2012]	[08:44 08/06/2012]

C:\Windows\ERDNT\AutoBackup\7-10-2012	d----c-	[05:52 11/07/2012]
default	--a--c- 3620864 bytes	[05:53 11/07/2012]	[05:53 11/07/2012]
ERDNT.CON	--a--c- 673 bytes	[05:52 11/07/2012]	[05:53 11/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[05:53 11/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[05:52 11/07/2012]	[05:53 11/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[05:53 11/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[05:53 11/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[05:53 11/07/2012]	[05:53 11/07/2012]
SECURITY	--a--c- 57344 bytes	[05:52 11/07/2012]	[05:52 11/07/2012]
software	--a--c- 38727680 bytes	[05:52 11/07/2012]	[05:52 11/07/2012]
system	--a--c- 8744960 bytes	[05:52 11/07/2012]	[05:53 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-10-2012\Users	d----c-	[05:53 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-10-2012\Users\00000001	d----c-	[05:53 11/07/2012]
ntuser.dat	--a--c- 12517376 bytes	[05:53 11/07/2012]	[05:53 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-10-2012\Users\00000002	d----c-	[05:53 11/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[05:53 11/07/2012]	[05:53 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-11-2012	d----c-	[06:05 11/07/2012]
default	--a--c- 3620864 bytes	[06:06 11/07/2012]	[06:06 11/07/2012]
ERDNT.CON	--a--c- 673 bytes	[06:05 11/07/2012]	[06:06 11/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[06:06 11/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[06:05 11/07/2012]	[06:06 11/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[06:06 11/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[06:06 11/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[06:06 11/07/2012]	[06:06 11/07/2012]
SECURITY	--a--c- 57344 bytes	[06:05 11/07/2012]	[06:05 11/07/2012]
software	--a--c- 38727680 bytes	[06:05 11/07/2012]	[06:06 11/07/2012]
system	--a--c- 8744960 bytes	[06:06 11/07/2012]	[06:06 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-11-2012\Users	d----c-	[06:06 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-11-2012\Users\00000001	d----c-	[06:06 11/07/2012]
ntuser.dat	--a--c- 12517376 bytes	[06:06 11/07/2012]	[06:06 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-11-2012\Users\00000002	d----c-	[06:06 11/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[06:06 11/07/2012]	[06:06 11/07/2012]

C:\Windows\ERDNT\AutoBackup\7-12-2012	d----c-	[06:42 12/07/2012]
default	--a--c- 3620864 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]
ERDNT.CON	--a--c- 673 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[06:42 12/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 771 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[06:42 12/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[06:42 12/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]
SECURITY	--a--c- 57344 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]
software	--a--c- 38727680 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]
system	--a--c- 8753152 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]

C:\Windows\ERDNT\AutoBackup\7-12-2012\Users	d----c-	[06:42 12/07/2012]

C:\Windows\ERDNT\AutoBackup\7-12-2012\Users\00000001	d----c-	[06:42 12/07/2012]
ntuser.dat	--a--c- 12521472 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]

C:\Windows\ERDNT\AutoBackup\7-12-2012\Users\00000002	d----c-	[06:42 12/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[06:42 12/07/2012]	[06:42 12/07/2012]

C:\Windows\ERDNT\AutoBackup\7-13-2012	d----c-	[12:55 13/07/2012]
default	--a--c- 3620864 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]
ERDNT.CON	--a--c- 673 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[12:55 13/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[12:55 13/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[12:55 13/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]
SECURITY	--a--c- 57344 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]
software	--a--c- 38727680 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]
system	--a--c- 8753152 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]

C:\Windows\ERDNT\AutoBackup\7-13-2012\Users	d----c-	[12:55 13/07/2012]

C:\Windows\ERDNT\AutoBackup\7-13-2012\Users\00000001	d----c-	[12:55 13/07/2012]
ntuser.dat	--a--c- 12529664 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]

C:\Windows\ERDNT\AutoBackup\7-13-2012\Users\00000002	d----c-	[12:55 13/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[12:55 13/07/2012]	[12:55 13/07/2012]

C:\Windows\ERDNT\AutoBackup\7-15-2012	d----c-	[22:30 15/07/2012]
default	--a--c- 3620864 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]
ERDNT.CON	--a--c- 673 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[22:30 15/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[22:30 15/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[22:30 15/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]
SECURITY	--a--c- 57344 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]
software	--a--c- 38727680 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]
system	--a--c- 8744960 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]

C:\Windows\ERDNT\AutoBackup\7-15-2012\Users	d----c-	[22:30 15/07/2012]

C:\Windows\ERDNT\AutoBackup\7-15-2012\Users\00000001	d----c-	[22:30 15/07/2012]
ntuser.dat	--a--c- 12529664 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]

C:\Windows\ERDNT\AutoBackup\7-15-2012\Users\00000002	d----c-	[22:30 15/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[22:30 15/07/2012]	[22:30 15/07/2012]

C:\Windows\ERDNT\AutoBackup\7-2-2012	d----c-	[23:31 02/07/2012]
default	--a--c- 3620864 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]
ERDNT.CON	--a--c- 673 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[23:31 02/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[23:31 02/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[23:31 02/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]
SECURITY	--a--c- 57344 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]
software	--a--c- 38711296 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]
system	--a--c- 8744960 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]

C:\Windows\ERDNT\AutoBackup\7-2-2012\Users	d----c-	[23:31 02/07/2012]

C:\Windows\ERDNT\AutoBackup\7-2-2012\Users\00000001	d----c-	[23:31 02/07/2012]
ntuser.dat	--a--c- 12402688 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]

C:\Windows\ERDNT\AutoBackup\7-2-2012\Users\00000002	d----c-	[23:31 02/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[23:31 02/07/2012]	[23:31 02/07/2012]

C:\Windows\ERDNT\AutoBackup\7-22-2012	d----c-	[21:23 22/07/2012]
default	--a--c- 3620864 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]
ERDNT.CON	--a--c- 673 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[21:23 22/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[21:23 22/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[21:23 22/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]
SECURITY	--a--c- 57344 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]
software	--a--c- 38727680 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]
system	--a--c- 8749056 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]

C:\Windows\ERDNT\AutoBackup\7-22-2012\Users	d----c-	[21:23 22/07/2012]

C:\Windows\ERDNT\AutoBackup\7-22-2012\Users\00000001	d----c-	[21:23 22/07/2012]
ntuser.dat	--a--c- 12550144 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]

C:\Windows\ERDNT\AutoBackup\7-22-2012\Users\00000002	d----c-	[21:23 22/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[21:23 22/07/2012]	[21:23 22/07/2012]

C:\Windows\ERDNT\AutoBackup\7-4-2012	d----c-	[02:23 05/07/2012]
default	--a--c- 3620864 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]
ERDNT.CON	--a--c- 673 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[02:23 05/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[02:23 05/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[02:23 05/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]
SECURITY	--a--c- 57344 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]
software	--a--c- 38711296 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]
system	--a--c- 8744960 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]

C:\Windows\ERDNT\AutoBackup\7-4-2012\Users	d----c-	[02:23 05/07/2012]

C:\Windows\ERDNT\AutoBackup\7-4-2012\Users\00000001	d----c-	[02:23 05/07/2012]
ntuser.dat	--a--c- 12419072 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]

C:\Windows\ERDNT\AutoBackup\7-4-2012\Users\00000002	d----c-	[02:23 05/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[02:23 05/07/2012]	[02:23 05/07/2012]

C:\Windows\ERDNT\AutoBackup\7-5-2012	d----c-	[08:07 05/07/2012]
default	--a--c- 3620864 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]
ERDNT.CON	--a--c- 673 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]
ERDNT.EXE	--a--c- 163328 bytes	[08:07 05/07/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[08:07 05/07/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[08:07 05/07/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]
SECURITY	--a--c- 57344 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]
software	--a--c- 38727680 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]
system	--a--c- 8744960 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]

C:\Windows\ERDNT\AutoBackup\7-5-2012\Users	d----c-	[08:07 05/07/2012]

C:\Windows\ERDNT\AutoBackup\7-5-2012\Users\00000001	d----c-	[08:07 05/07/2012]
ntuser.dat	--a--c- 12488704 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]

C:\Windows\ERDNT\AutoBackup\7-5-2012\Users\00000002	d----c-	[08:07 05/07/2012]
UsrClass.dat	--a--c- 450560 bytes	[08:07 05/07/2012]	[08:07 05/07/2012]

C:\Windows\ERDNT\AutoBackup\8-1-2012	d----c-	[08:04 01/08/2012]
default	--a--c- 3620864 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]
ERDNT.CON	--a--c- 673 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]
ERDNT.EXE	--a--c- 163328 bytes	[08:04 01/08/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[08:04 01/08/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[08:04 01/08/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]
SECURITY	--a--c- 57344 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]
software	--a--c- 38711296 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]
system	--a--c- 8749056 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]

C:\Windows\ERDNT\AutoBackup\8-1-2012\Users	d----c-	[08:04 01/08/2012]

C:\Windows\ERDNT\AutoBackup\8-1-2012\Users\00000001	d----c-	[08:04 01/08/2012]
ntuser.dat	--a--c- 12578816 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]

C:\Windows\ERDNT\AutoBackup\8-1-2012\Users\00000002	d----c-	[08:04 01/08/2012]
UsrClass.dat	--a--c- 450560 bytes	[08:04 01/08/2012]	[08:04 01/08/2012]

C:\Windows\ERDNT\AutoBackup\8-12-2012	d----c-	[19:46 12/08/2012]
default	--a--c- 3620864 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]
ERDNT.CON	--a--c- 673 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]
ERDNT.EXE	--a--c- 163328 bytes	[19:46 12/08/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[19:46 12/08/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[19:46 12/08/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]
SECURITY	--a--c- 57344 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]
software	--a--c- 38711296 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]
system	--a--c- 8744960 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]

C:\Windows\ERDNT\AutoBackup\8-12-2012\Users	d----c-	[19:46 12/08/2012]

C:\Windows\ERDNT\AutoBackup\8-12-2012\Users\00000001	d----c-	[19:46 12/08/2012]
ntuser.dat	--a--c- 12619776 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]

C:\Windows\ERDNT\AutoBackup\8-12-2012\Users\00000002	d----c-	[19:46 12/08/2012]
UsrClass.dat	--a--c- 450560 bytes	[19:46 12/08/2012]	[19:46 12/08/2012]

C:\Windows\ERDNT\AutoBackup\8-2-2012	d----c-	[16:29 02/08/2012]
default	--a--c- 3620864 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]
ERDNT.CON	--a--c- 673 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]
ERDNT.EXE	--a--c- 163328 bytes	[16:29 02/08/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 770 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[16:29 02/08/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[16:29 02/08/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]
SECURITY	--a--c- 57344 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]
software	--a--c- 38711296 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]
system	--a--c- 8749056 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]

C:\Windows\ERDNT\AutoBackup\8-2-2012\Users	d----c-	[16:29 02/08/2012]

C:\Windows\ERDNT\AutoBackup\8-2-2012\Users\00000001	d----c-	[16:29 02/08/2012]
ntuser.dat	--a--c- 12587008 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]

C:\Windows\ERDNT\AutoBackup\8-2-2012\Users\00000002	d----c-	[16:29 02/08/2012]
UsrClass.dat	--a--c- 450560 bytes	[16:29 02/08/2012]	[16:29 02/08/2012]

C:\Windows\ERDNT\AutoBackup\8-5-2012	d----c-	[11:23 05/08/2012]
default	--a--c- 3620864 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]
ERDNT.CON	--a--c- 673 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]
ERDNT.EXE	--a--c- 163328 bytes	[11:23 05/08/2012]	[16:02 20/10/2005]
ERDNT.INF	--a--c- 769 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[11:23 05/08/2012]	[07:11 25/09/2002]
ERDNTWIN.LOC	--a--c- 3275 bytes	[11:23 05/08/2012]	[07:09 25/09/2002]
SAM	--a--c- 28672 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]
SECURITY	--a--c- 57344 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]
software	--a--c- 38711296 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]
system	--a--c- 8744960 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]

C:\Windows\ERDNT\AutoBackup\8-5-2012\Users	d----c-	[11:23 05/08/2012]

C:\Windows\ERDNT\AutoBackup\8-5-2012\Users\00000001	d----c-	[11:23 05/08/2012]
ntuser.dat	--a--c- 12599296 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]

C:\Windows\ERDNT\AutoBackup\8-5-2012\Users\00000002	d----c-	[11:23 05/08/2012]
UsrClass.dat	--a--c- 450560 bytes	[11:23 05/08/2012]	[11:23 05/08/2012]

C:\Windows\ERDNT\cache	d----c-	[07:19 20/11/2009]
acpiec.sys	--a--c- 11648 bytes	[07:19 20/11/2009]	[12:00 28/02/2006]
aec.sys	--a--c- 142592 bytes	[07:19 20/11/2009]	[16:39 13/04/2008]
agp440.sys	--a--c- 42368 bytes	[07:19 20/11/2009]	[18:36 13/04/2008]
appmgmts.dll	--a--c- 167936 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
asyncmac.sys	--a--c- 14336 bytes	[07:19 20/11/2009]	[18:57 13/04/2008]
atapi.sys	--a--c- 96512 bytes	[07:19 20/11/2009]	[18:40 13/04/2008]
beep.sys	--a--c- 4224 bytes	[07:19 20/11/2009]	[12:00 28/02/2006]
browser.dll	--a--c- 77824 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
comctl32.dll	--a--c- 617472 bytes	[07:19 20/11/2009]	[16:12 23/08/2010]
comres.dll	--a--c- 792064 bytes	[20:35 02/01/2012]	[00:11 14/04/2008]
cryptsvc.dll	--a--c- 62464 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
ctfmon.exe	--a--c- 15360 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
d3d9.dll	--a--c- 1689088 bytes	[06:50 19/11/2010]	[00:11 14/04/2008]
ddraw.dll	--a--c- 279552 bytes	[06:50 19/11/2010]	[00:11 14/04/2008]
dsound.dll	--a--c- 367616 bytes	[06:50 19/11/2010]	[00:11 14/04/2008]
es.dll	--a--c- 253952 bytes	[07:19 20/11/2009]	[20:26 07/07/2008]
eventlog.dll	--a--c- 56320 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
explorer.exe	--a---- 1033728 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
FD_Cache.md5	--a--c- 2754 bytes	[20:35 02/01/2012]	[05:55 20/02/2012]
firefox.exe	--a--c- 924632 bytes	[06:50 19/11/2010]	[02:24 18/02/2012]
hnetcfg.dll	--a--c- 344064 bytes	[20:35 02/01/2012]	[00:11 14/04/2008]
iexplore.exe	--a--c- 638816 bytes	[06:50 19/11/2010]	[18:09 08/03/2009]
imm32.dll	--a--c- 110080 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
ip6fw.sys	--a--c- 36608 bytes	[07:19 20/11/2009]	[18:53 13/04/2008]
ipsec.sys	--a--c- 75264 bytes	[20:35 02/01/2012]	[19:19 13/04/2008]
kbdclass.sys	--a--c- 24576 bytes	[07:19 20/11/2009]	[18:39 13/04/2008]
kernel32.dll	--a--c- 989696 bytes	[07:19 20/11/2009]	[14:06 21/03/2009]
ksuser.dll	--a--c- 4096 bytes	[20:35 02/01/2012]	[00:11 14/04/2008]
linkinfo.dll	--a--c- 19968 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
lpk.dll	--a--c- 22016 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
lsass.exe	--a--c- 13312 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
mfc40u.dll	--a--c- 953856 bytes	[07:19 20/11/2009]	[06:53 18/09/2010]
midimap.dll	--a--c- 18944 bytes	[20:35 02/01/2012]	[00:11 14/04/2008]
msgsvc.dll	--a--c- 33792 bytes	[07:19 20/11/2009]	[00:11 14/04/2008]
mshtml.dll	--a--c- 5978112 bytes	[07:19 20/11/2009]	[19:20 04/11/2011]
mspmsnsv.dll	--a--c- 27136 bytes	[07:19 20/11/2009]	[01:47 19/10/2006]
msvcrt.dll	--a--c- 343040 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
mswsock.dll	--a--c- 245248 bytes	[07:19 20/11/2009]	[16:02 20/06/2008]
ndis.sys	--a--c- 182656 bytes	[07:19 20/11/2009]	[19:20 13/04/2008]
netlogon.dll	--a--c- 407040 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
netman.dll	--a--c- 198144 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
ntfs.sys	--a--c- 574976 bytes	[07:19 20/11/2009]	[19:15 13/04/2008]
ntkrnlpa.exe	--a--c- 2027008 bytes	[07:19 20/11/2009]	[12:52 25/10/2011]
ntmssvc.dll	--a--c- 435200 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
ntoskrnl.exe	--a--c- 2148864 bytes	[07:19 20/11/2009]	[13:37 25/10/2011]
null.sys	--a--c- 2944 bytes	[07:19 20/11/2009]	[12:00 28/02/2006]
ole32.dll	--a--c- 1288704 bytes	[06:50 19/11/2010]	[16:07 01/11/2011]
olepro32.dll	--a--c- 84992 bytes	[06:50 19/11/2010]	[00:12 14/04/2008]
perfctrs.dll	--a--c- 39936 bytes	[06:50 19/11/2010]	[00:12 14/04/2008]
powrprof.dll	--a--c- 17408 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
qmgr.dll	--a--c- 409088 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
rasadhlp.dll	--a--c- 7680 bytes	[20:35 02/01/2012]	[00:12 14/04/2008]
regedit.exe	--a--c- 146432 bytes	[20:35 02/01/2012]	[00:12 14/04/2008]
regsvc.dll	--a--c- 59904 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
rpcss.dll	--a--c- 401408 bytes	[07:19 20/11/2009]	[12:10 09/02/2009]
scecli.dll	--a--c- 181248 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
schedsvc.dll	--a--c- 192512 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
services.exe	--a--c- 110592 bytes	[07:19 20/11/2009]	[11:11 06/02/2009]
sfc.dll	--a--c- 5120 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
sfcfiles.dll	--a--c- 1614848 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
shsvcs.dll	--a--c- 135168 bytes	[07:19 20/11/2009]	[23:17 27/07/2009]
spoolsv.exe	--a--c- 58880 bytes	[07:19 20/11/2009]	[13:17 17/08/2010]
srsvc.dll	--a--c- 171008 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
ssdpsrv.dll	--a--c- 71680 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
svchost.exe	--a--c- 14336 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
tapisrv.dll	--a--c- 249856 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
tcpip.sys	--a--c- 361600 bytes	[07:19 20/11/2009]	[11:51 20/06/2008]
termsrv.dll	--a--c- 295424 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
upnphost.dll	--a--c- 185856 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
user32.dll	--a--c- 578560 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
userinit.exe	--a--c- 26112 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
usp10.dll	--a--c- 406016 bytes	[20:35 02/01/2012]	[15:36 16/04/2010]
version.dll	--a--c- 18944 bytes	[06:50 19/11/2010]	[00:12 14/04/2008]
w32time.dll	--a--c- 175104 bytes	[20:35 02/01/2012]	[00:12 14/04/2008]
wiaservc.dll	--a--c- 333824 bytes	[20:35 02/01/2012]	[00:12 14/04/2008]
wininet.dll	--a--c- 916992 bytes	[07:19 20/11/2009]	[19:20 04/11/2011]
winlogon.exe	--a--c- 507904 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
ws2help.dll	--a--c- 19968 bytes	[06:50 19/11/2010]	[00:12 14/04/2008]
ws2_32.dll	--a--c- 82432 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
wscntfy.exe	--a--c- 13824 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]
wuauclt.exe	--a--c- 53472 bytes	[07:19 20/11/2009]	[23:24 06/08/2009]
xmlprov.dll	--a--c- 129024 bytes	[07:19 20/11/2009]	[00:12 14/04/2008]

C:\Windows\ERDNT\Hiv-backup	d----c-	[07:07 20/11/2009]
default	--a--c- 3616768 bytes	[07:07 20/11/2009]	[05:48 20/02/2012]
ERDNT.CON	--a--c- 673 bytes	[07:07 20/11/2009]	[05:48 20/02/2012]
ERDNT.EXE	--a--c- 163328 bytes	[07:07 20/11/2009]	[12:02 20/10/2005]
ERDNT.INF	--a--c- 1245 bytes	[07:07 20/11/2009]	[05:48 20/02/2012]
ERDNTDOS.LOC	--a--c- 2815 bytes	[07:07 20/11/2009]	[00:00 31/08/2000]
ERDNTWIN.LOC	--a--c- 3275 bytes	[07:07 20/11/2009]	[00:00 31/08/2000]
SAM	--a--c- 28672 bytes	[07:07 20/11/2009]	[05:48 20/02/2012]
SECURITY	--a--c- 57344 bytes	[07:07 20/11/2009]	[05:48 20/02/2012]
software	--a--c- 38400000 bytes	[07:07 20/11/2009]	[05:48 20/02/2012]
system	--a--c- 6914048 bytes	[07:07 20/11/2009]	[05:48 20/02/2012]

C:\Windows\ERDNT\Hiv-backup\Users	d----c-	[05:48 20/02/2012]

C:\Windows\ERDNT\Hiv-backup\Users\00000001	d----c-	[05:48 20/02/2012]
NTUSER.DAT	--a--c- 229376 bytes	[05:48 20/02/2012]	[05:48 20/02/2012]

C:\Windows\ERDNT\Hiv-backup\Users\00000002	d----c-	[05:48 20/02/2012]
UsrClass.dat	--a--c- 8192 bytes	[05:48 20/02/2012]	[05:48 20/02/2012]

C:\Windows\ERDNT\Hiv-backup\Users\00000003	d----c-	[05:48 20/02/2012]
ntuser.dat	--a--c- 229376 bytes	[05:48 20/02/2012]	[05:48 20/02/2012]

C:\Windows\ERDNT\Hiv-backup\Users\00000004	d----c-	[05:48 20/02/2012]
UsrClass.dat	--a--c- 8192 bytes	[05:48 20/02/2012]	[05:48 20/02/2012]

C:\Windows\ERDNT\Hiv-backup\Users\00000005	d----c-	[05:48 20/02/2012]
ntuser.dat	--a--c- 11837440 bytes	[05:48 20/02/2012]	[05:48 20/02/2012]

C:\Windows\ERDNT\Hiv-backup\Users\00000006	d----c-	[05:48 20/02/2012]
UsrClass.dat	--a--c- 282624 bytes	[05:48 20/02/2012]	[05:48 20/02/2012]

-= EOF =-


----------



## ep2002 (Oct 31, 2006)

Sorry, I can't tell if something is very large until I've already saved it.

I've attached it here as well.

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

Okay, that is a lot more than was showing in your OTL log, so we'll go from the screenshots 

So, looking at them, these are not needed at startup (I left out the ones you want to keep):

BrMfcWnd - Related to Brother Scanner status monitor - can be started manually.
brctrcen - Related to Brother Brother scanner 'Control Center' application; can be started manually.
BrStMonW - Related to Brother Industries, Ltd. Brother MFC printer application.
reader_sl - Related to Adobe_Reader Speeds up the time it takes to load the application. Your choice, but not required for Adobe Reader to function properly.
CLISTART - Related to ATI Technologies Inc. Puts the ATI Catalyst Control Center Icon/Shortcut on the System Tray
qttask - System Tray access to Apple's "Quick Time" viewer from version 5 onwards
WSHelper - Related to Wondershare Wondershare Helper Compact software applications.
jusched - Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
Skype - "Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"

---------

Now, the ERUNT tool. Basically in the log you posted, its saved a backup of at least 32 times (there may have been more) and this is resulting in nearly two gig's of space.

My suggestion, if you still want to keep the tool, is to remove it from startup and only run it when you're about to do something like install some software etc.

Or just completly uninstall it.

This is its entry in the MSCONFIG:

*ERUNT AutoBackup*

----

With Paint, normally when you browse to a different folder to save the files in, it should remember that for the next time.


----------



## ep2002 (Oct 31, 2006)

Ok, all done. I left Skype as I use it daily. Also left the Reader one as it takes a long time for it to load a PDF file, I don't want it taking even longer 

As for Erunt, why are there 2 entries? The 2nd one wasn't checked off, the first one in the list was. I unchecked it. I don't even know what it does 

Re: Paint, no it's not doing that  Can you fix that?

Thanks & hope you had a good wknd.


Michelle


----------



## ep2002 (Oct 31, 2006)

Things are getting VERY bad 

Fx is useless, I can barely work. Pages don't load fully, links don't load the page, I can't type as the computer seizes up every 2 minutes. So I can't work.

It takes forever to load the pages when they are loading & this is even happening with only 2 windows open.

I even defragged 2 days ago & that seemed to make things worse 

Chrome is slightly better, but not by much.

I'm also losing control of the mouse or programs. I have to wait several minutes for whatever is hanging it to clear up.

If this is the MB again I'll freak as I can't afford to get a new one after just putting it in what, a few months ago?


----------



## eddie5659 (Mar 19, 2001)

I have a way to solve the Paint thing, but I feel its not a major issue at the moment. Plus, I need to test it out on a computer, and my laptop runs Vista so will try it on there.

Will re-read a few things on the latest problem you posted, as it may be a driver issue. Back in a bit..definatly tonight


----------



## eddie5659 (Mar 19, 2001)

Okay, I know this is very far back, but look at this picture you posted:

http://forums.techguy.org/8213515-post24.html

Are you still getting these, or very similar? If so, I may have a way round this.

Now, this isn't a fix but a workaround. I won't post this until we've tried other things, but if you are still getting the script messages, let me know and we'll try it 

=======================

However, I have a feeling it may be related to something else. Apart from the MB that was replaced, and the grapics card, is this all the same, give or take?

http://speccy.piriform.com/results/xOeMISiTtcD3VF08kzRVGSZ

As in the hardDrive:

488GB Seagate ST3500418AS (ATA):

If so, we may need to check to see if its failing. I'll wait until you reply about the drive before I get the diagnostic tool.

--

Did you ever run Memtest as mentioned here:

http://forums.techguy.org/8257347-post83.html

You don't need to remove the ram, you can leave all in the computer whilst you run the tests.

--

Plus, I was looking here again:

http://support.mozilla.org/en-US/kb...cale=en-US&redirectslug=Basic+Troubleshooting

Have you tried the plugins, as mentioned here:

http://support.mozilla.org/en-US/kb...Troubleshooting#w_5-troubleshoot-your-plugins

If the crashes are not happening with the addons disabled, then we will have an idea what could be causing the problems.

eddie


----------



## ep2002 (Oct 31, 2006)

OMG, look what I just read on a forum that isn't even for tech support.

Can you tell me how to do this carefully, it sounds like what I'm going through...

"Sounds like a specific type of malware attack that was going around last month that used the ports opened by bittorrent clients as a backdoor (not part of the bittorrent client itself or your deliberately-launched torrents engaging in malicious activity). Same thing that was masquerading as Flash updates for some users (I ran into about half a dozen cases of this last month).

Easiest fix I found was to just boot the machine into Safe Mode, launch the Run cmd window, and input:
sfc /scannow
Then hit Enter. Let it do its thing and reboot. Nice when you can fix things without external tools. 

Glad to help! Most AVs missed that one because it installed itself differently every time, IIRC.

Edit: Check your temp (Run -> %TEMP%) files and delete anything in exe format. "

More info from the thread...

"Killed 3 InstallflashPlayer.exe's dated all around 7.20.2012 and rebooted.. took a bit to process auto starts but all clear. "


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Okay, I know this is very far back, but look at this picture you posted:
> 
> http://forums.techguy.org/8213515-post24.html
> 
> ...


YES & in fact about an hour ago they started coming in droves. I hadn't had them crop up in a while, but the minute you posted that I started getting them again LOL

I've had them since that SS you sent me. I just didn't tell you about them b/c I had already mentioned it a couple of times.

Thanks

Michelle


----------



## ep2002 (Oct 31, 2006)

Ok, the HD is pretty new. I got it just before I moved, so about 1 1/2 to 1 3/4 years old.

Here's the latest details of my hardware - http://speccy.piriform.com/results/8Lni2JjEK4UJvhCdvDJocOz

Michelle
P.S. the first time I ran speccy it said the graphics card wasn't showing up which scared me, but that could have been b/c Online Armor was pulling it up as a suspcious entry. I did allow it, but who knows.

The 2nd time I ran Speccy it worked for the graphics card. I hope it was just Online Armor.


----------



## ep2002 (Oct 31, 2006)

Oh gawd, things are getting REALLY bad. I can barely work now & I have to make a living 

Even when I'm not using Fx the computer just seizes up & I have to wait 1-2 minutes before I can gain control again.

Before when this happened it would only happen once or twice a day & the rest of the day was fine, this is happening every 10-20 minutes


----------



## eddie5659 (Mar 19, 2001)

Sorry, been away for a few days as it was the bank holiday weekend, so took some time off



> "Sounds like a specific type of malware attack that was going around last month that used the ports opened by bittorrent clients as a backdoor (not part of the bittorrent client itself or your deliberately-launched torrents engaging in malicious activity). Same thing that was masquerading as Flash updates for some users (I ran into about half a dozen cases of this last month).
> 
> Easiest fix I found was to just boot the machine into Safe Mode, launch the Run cmd window, and input:
> sfc /scannow
> ...


Do you use any Torrent programs, because if you do this may be the reason for the slowness? If you do, we can't help on the usage, as 99% of the time, the stuff downloaded is illegle.

Can you post a fresh list of your installed programs:

Open HijackThis, click Config, click Misc Tools 
Click "*Open Uninstall Manager*" 
Click "Save List" (generates *uninstall_list.txt*) 
Click Save, copy and paste the results in your next post.

---

As for the sfc scan, we can definatly do that, as follows:

Okay, lets try this first.

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, that should have the product ID number on it. Don't type the number here, its just so you know which one to look for 

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

----------

As for emtyping the temp files, we've already run a few tools that clear them out, so there shouldn't be anything in there.

--------

We'll look at the scripting thing, after you've run the sfc scan as above 

If the harddrive is new, then the likelehood of that dying is pretty slim.

Do the sfc scan as above, reboot afterwards and let me know if that helps.


----------



## ep2002 (Oct 31, 2006)

Sorry for the delay, it's been a very rough couple of weeks for me.

I'm not running utorrent on my desktop, only on my laptop, but I do transfer files via a stick from the laptop to my desktop.

Here's the HJT data.

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
ASUS Enhanced Display Driver
ASUS GameFace Live
ASUS SmartDoctor
ASUS Utilities
ASUS Video Security
Audacity 1.2.6
Aurora Password Manager
Auslogics Disk Defrag
Avira Free Antivirus
Belarc Advisor 8.1
Bonjour
Brother MFL-Pro Suite
Brother MFL-Pro Suite MFC-J615W
calibre
Catalyst Control Center - Branding
CCleaner
CCScore
Choice Guard
Cisco Connect
Compatibility Pack for the 2007 Office system
Corel WordPerfect Suite 8
CrashPlan
Critical Update for Windows Media Player 11 (KB959772)
Defraggler
Domain Name Analyzer v4.1.022207
Download Updater (AOL LLC)
Doxillion Document Converter
Driver Genius Professional Edition
ERUNT 1.1j
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
EULAlyzer v1.2
Evernote
FileChecker v1.7
FlashFXP v3
Garmin City Navigator North America NT 2011.10 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToAssist Corporate
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 5.3
HP Image Zone Express
ICQ6
ID-Blaster Plus v2.0
iLinc 11 Client
ImgBurn
Instant Content Curator Pro
Instant Content Curator Pro
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
Java(TM) 7 Update 5
Kodak EasyShare software
KODAK Share Button App
LastPass (uninstall only)
Link Bounder
Link Bounder
Link Partner Analyzer
LogMeIn
Maestro Connector
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monitor Calibration Wizard 1.0
MozBackup 1.5.1
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 15.0 (x86 en-US)
MS Extra links
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NVIDIA Drivers
OfotoXMI
Online Armor 5.5
OpenOffice.org 3.3
OverDrive Media Console
pdfFactory
Personal Assistant
PL-2303 USB-to-Serial
QuickBooks Pro Edition 2007
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.4.3
RingCentral Call Controller
Rootkit Unhooker LE 3.8 SR 2
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Skype&#8482; 5.10
SmartDraw PDF Export (novaPDF 6.4 printer)
Speccy
SpywareBlaster 4.3
staticcr
StudioTax 2010
swMSM
System Requirements Lab for Intel
TeamViewer 6
TeamViewer 7
TweetDeck
TweetDeck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 2.0.2
VPRINTOL
WebEx
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.2
WIRELESS
Wondershare PDF to Word (Build 3.6.0)
Yahoo! Messenger


----------



## ep2002 (Oct 31, 2006)

I'm not going to be able to do that 2nd step <sigh>

I found out back when I had to deal with the MB that the copy of Windows on my computer isn't the same as the disk I have.

It's an OEM copy.

From what I remember, the guy who installed my new HD 2 years ago ghosted the HD that needed replacing & he put his own OEM copy on my computer b/c I didn't have my disk with me since I didn't know he needed it nor did I want to have to reinstall all the programs, etc.

So now when I put the disk in, that command is telling me it's the wrong one 

I assume it's b/c of that.


----------



## eddie5659 (Mar 19, 2001)

What happens if you try it without the disk? Sometimes, if Windows is preinstalled on a system, sfc will access the i386 folder, which contains all the relevent cab files, found on a disk.


----------



## ep2002 (Oct 31, 2006)

I tried it without the disk first, same issue.


----------



## eddie5659 (Mar 19, 2001)

Then, I think that you won't be able to run SFC 

Looking back here, there are still some things I was curious about, but you may have missed them:

http://forums.techguy.org/8448827-post219.html

Memtest is the main one, plus the plugins part for Firefox, just underneath. Have you done any of them?

--------------------

Also, can you do this as well:


Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:
Double-click *VEW.exe*
Under 'Select log to query', select:
*Application*
*System*

Under 'Select type to list', select:
*Error*
*Information*
*Warning*


Click the radio button for 'Number of events'
Type *10* in the 1 to 20 box
Then click the *Run* button.
Notepad will open with the output log.


----------



## ep2002 (Oct 31, 2006)

Oh gawd, sorry for the delay. It's been one thing after another with me.

1. I'm still getting those script errors. A lot last week.
2. I just got this blue screen error & I got last week as well, but never wrote it down. Here it is...

A problem has been detected & Windows has been shut down to prevent damage.

If this is the first time you have seen this stop error screen, restart your computer. If this screen appears again, follow these steps.

Check to be sure you have adequate disk space. If a driver is identified in this stop messages, disable the driver or check with the manufactures for driver updates. Try changing video adapters. Check with your hardware vendor for any bios updates. Disable bios memory options such as caching or shadowing.

If you need to use safe mode to remove or disable components, restart your computer, press tech info:

Stop: OX0000007E
(OXC000005, OX000000000, OXBA517AC0, OXBA5177BC)

And now my HD is making noises & there's no way for me to replace it  It's only 2 years old. I got it replaced just b4 I moved


----------



## ep2002 (Oct 31, 2006)

Ok, I had to find a CD. Found that, but the instructions on that page aren't matching up to what's happening on my end.

The zipped file that was DLed comes out as memtest86+-4.20.iso(1).zip

When I extract it to the folder I have for this memory test, it extracts as mt420.iso

This name you gave me isn't mentioned anywhere - memtest86+-2.11 RED

Do you want me to burn that mt420.iso to the disk?


----------



## ep2002 (Oct 31, 2006)

As far as the plugins, I did try that & I believe it helped some allowing the windows to stay up longer, but I can't work without at least 4 of the plugins I have which are:

LastPass
ReminderFox
Roomy Bookmarks Toolbar

Actually that's 3. I got rid of the rest.

I'm able to get to around 20 windows open now without crashing. Still not great as I was able to get to 40 windows prior to Fx's new updates.

It's not even Fx being the issue anymore, I'm even having problems with Chrome now & some crashing with folders I normally have open. I have a lot of windows open with folders.


----------



## ep2002 (Oct 31, 2006)

Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/10/2012 8:53:11 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/10/2012 6:38:52 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 6:36:47 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 6:10:46 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 5:53:28 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 5:48:43 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 5:45:46 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 5:39:40 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 5:36:29 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 5:36:28 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

Log: 'Application' Date/Time: 04/10/2012 5:36:24 AM
Type: error Category: 0
Event: 12292 Source: VSS
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007000e].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2012 8:11:03 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 07/10/2012 8:11:01 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 07/10/2012 8:07:36 AM
Type: information Category: 2
Event: 2444 Source: MSDTC
MS DTC started with the following settings:

Security Configuration (OFF = 0 and ON = 1):
Network Administration of Transactions = 0,
Network Clients = 0,
Inbound Distributed Transactions using Native MSDTC Protocol = 0,
Outbound Distributed Transactions using Native MSDTC Protocol = 0,
Transaction Internet Protocol (TIP) = 0,
XA Transactions = 0

Log: 'Application' Date/Time: 07/10/2012 8:04:31 AM
Type: information Category: 1
Event: 101 Source: SkypeUpdate
Service stopped.

Log: 'Application' Date/Time: 07/10/2012 8:04:30 AM
Type: information Category: 1
Event: 103 Source: SkypeUpdate
SkypeUpdate service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 07/10/2012 8:02:18 AM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 07/10/2012 8:02:10 AM
Type: information Category: 1
Event: 100 Source: SkypeUpdate
Service started.

Log: 'Application' Date/Time: 07/10/2012 8:02:05 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

Log: 'Application' Date/Time: 07/10/2012 8:02:02 AM
Type: information Category: 1
Event: 4096 Source: Avira Antivirus
The AntiVir service has been started successfully!

Log: 'Application' Date/Time: 07/10/2012 8:02:02 AM
Type: information Category: 0
Event: 1 Source: Bonjour Service
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/10/2012 4:59:04 AM
Type: warning Category: 1
Event: 4130 Source: Avira Antivirus
Engine and VDF could not be loaded from installation directory. Engine and VDF will be loaded from a backup copy.

Log: 'Application' Date/Time: 04/10/2012 6:38:52 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 91 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x0112a0000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x0118f7000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07de35000 Process Name: vssvc.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 6:36:47 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 90 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x01464d000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x014369000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07da86000 Process Name: svchost.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 6:10:46 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 91 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x01265d000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x0129ce000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07ddb5000 Process Name: vssvc.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 5:53:28 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 93 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x00de6d000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x00ff1a000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07de75000 Process Name: vssvc.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 5:48:43 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 94 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x00c6b1000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x00f6c6000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07de75000 Process Name: vssvc.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 5:45:46 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 91 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x012b39000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x014a9b000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07da86000 Process Name: svchost.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 5:39:40 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 92 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x00f7d9000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x014228000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07da86000 Process Name: svchost.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 5:36:29 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 93 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x00cecd000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x0100dd000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07de35000 Process Name: vssvc.exe Comsvcs.dll file version: not loaded

Log: 'Application' Date/Time: 04/10/2012 5:36:28 AM
Type: warning Category: 107
Event: 4830 Source: COM+
COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 93 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x00ce30000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x010153000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07de35000 Process Name: vssvc.exe Comsvcs.dll file version: not loaded

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 8:27:46 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 07/10/2012 8:27:45 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 07/10/2012 8:12:57 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 07/10/2012 8:12:55 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 07/10/2012 8:09:59 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 07/10/2012 8:09:58 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 07/10/2012 8:07:44 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 07/10/2012 8:07:43 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 06/10/2012 6:32:20 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

Log: 'System' Date/Time: 06/10/2012 6:32:18 AM
Type: error Category: 0
Event: 111 Source: Removable Storage Service
RSM could not load media in drive Drive 0 of library Kingston DT 101 G2 USB Device.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 8:48:05 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The MBAMSwissArmy service was successfully sent a start control.

Log: 'System' Date/Time: 07/10/2012 8:37:07 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 07/10/2012 8:37:00 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 07/10/2012 8:37:00 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 07/10/2012 8:28:18 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Removable Storage service entered the stopped state.

Log: 'System' Date/Time: 07/10/2012 8:28:18 AM
Type: information Category: 0
Event: 98 Source: Removable Storage Service
RSM was stopped.

Log: 'System' Date/Time: 07/10/2012 8:27:45 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Removable Storage service entered the running state.

Log: 'System' Date/Time: 07/10/2012 8:27:44 AM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Removable Storage service was successfully sent a start control.

Log: 'System' Date/Time: 07/10/2012 8:25:59 AM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Removable Storage service entered the stopped state.

Log: 'System' Date/Time: 07/10/2012 8:25:59 AM
Type: information Category: 0
Event: 98 Source: Removable Storage Service
RSM was stopped.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2012 12:17:56 AM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82566DC Gigabit Network Connection Link has been disconnected.

Log: 'System' Date/Time: 05/10/2012 2:54:10 AM
Type: warning Category: 0
Event: 27 Source: e1express
Intel(R) 82566DC Gigabit Network Connection Link has been disconnected.

Log: 'System' Date/Time: 02/10/2012 10:23:33 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 01/10/2012 9:57:12 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 01/10/2012 9:22:09 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 28/09/2012 5:05:57 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 28/09/2012 2:37:34 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 27/09/2012 3:31:04 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 25/09/2012 4:44:56 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<taskmgr.exe> C:\...ons\ICCPro\ICCPro.exe

Log: 'System' Date/Time: 24/09/2012 8:10:15 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<taskmgr.exe> C:\...ons\ICCPro\ICCPro.exe


----------



## ep2002 (Oct 31, 2006)

So I think that's about it for now.

The HD isn't making that noise anymore. I heard it one more time & then it went quiet.

I hope you are doing well, sorry for the delay.

Thank you


Michelle


----------



## eddie5659 (Mar 19, 2001)

That's okay about the lateness, we all have lives outside of these forums, or as I try to if I can get away 

For the blue screen, when did you get it? Were you on the internet, watching a film, or using a particular piece of software?

Now, you said your harddrive is making strange noises. I know its not that old, but looking at your latest Speccy, this is what you have:

488GB Seagate ST3500418AS (SATA)

So, this is SeaTools:

http://www.seagate.com/support/inte...prise-hard-drives/saturn/seatools-win-master/

This is about it:

http://knowledge.seagate.com/articles/en_US/FAQ/202435en?language=en_US

It may seem lengthy, but it is best to read it.

Then, run the *Short Drive Self Test* first, and tell me what the result was.

----



> The zipped file that was DLed comes out as memtest86+-4.20.iso(1).zip
> 
> When I extract it to the folder I have for this memory test, it extracts as mt420.iso
> 
> ...


Sorry, the program has been updated since I last wrote that, so you have the mt420.iso, so yes, burn this to a disk.

You'll also need to make your computer boot from the dvd drive before it boots to Windows, so you'll have to enter the BIOS.

Its not a bad place, people are just a little scared of it.

However, if you let me know which version you have, I'll see if I can get you to the right place 

So, go to Start | Run and type

*msinfo32*

and press OK.

Now, in there, under System Summary, will be the BIOS Version/Date.

----

For the plugins, I assume disabling them all worked. Of the 3 that you have left:

LastPass
ReminderFox
Roomy Bookmarks Toolbar

Can you test to see what happens if you disable, say LastPass. Does it make it better?

If the same, re-enable it and then try ReminderFox, and so on.

Let me know which stops the problems.

---

Can you see if your Avira Antivirus is working okay? Just something that was shown in the Event Viewer. May just be a glitch at the time.

Also, you have this:



> Log: 'Application' Date/Time: 04/10/2012 6:10:46 AM
> Type: warning Category: 107
> Event: 4830 Source: COM+
> COM+ has determined that your machine is running very low on available memory. In order to ensure proper system behavior, the activation of the component has been refused. If this problem continues, either install more memory or increase the size of your paging file. Memory statistics are: dwMemoryLoad = 91 ullTotalPhys = 0x0cfdc1000 ullAvailPhys = 0x01265d000 ullTotalPageFile = 0x185bc3000 ullAvailPageFile = 0x0129ce000 ullTotalVirtual = 0x07ffe0000 ullAvailVirtual = 0x07ddb5000 Process Name: vssvc.exe Comsvcs.dll file version: not loaded


Basically, its pointing to the memory again. This isn't the space on your harddrive, but the RAM that you were going to test above.

I have a feeling the RAM may be dying. Do you know how old the RAM is?

Also, I know you said you don't have a server, but do you host any parts of your websites on this computer?

eddie


----------



## ep2002 (Oct 31, 2006)

I'm so sorry for the delay.

The CD thing is something I have to sit & follow step-by-step & I've had a lot going on so I haven't done it.

In answer to your other questions, I can't remove LP, as I mentioned otherwise I can't work. I have to be able to log into sites online. That's the only way to do it.

I just disabled Reminder Fox since it doesn't work for me, it keeps deleting my task. We'll see if that helps some. I did add 2 new add-ons Dingo & Firebug.

All of my sites are hosted by a hoster. Other than some files on my computer, the hoster has everything. I don't host anything from my computer.

Can we clean up the computer again from Malware? I'm having really strange things happen like:

1. Crash Plan isn't working. It says it can't connect to the Internet, but it works once I reboot. That's happened twice now.
2. I can't log onto my computer via my password once the computer goes to sleep. I'm able to log in no problem 99% of the time, then when things start to go wonky on the computer, it won't accept my p/w. Once I reboot, it's fine.
3. Other programs showing content that shouldn't be there, but once I reboot it goes away like it should have before.

I think that's about it for now, but that's scary enough. 

I hope you are doing well & Happy Halloween.


Michelle


----------



## eddie5659 (Mar 19, 2001)

That's okay about the delay, and hope you're having a nice Halloween as well 

I know we haven't looked at the malware side for a while now, and there are more tools out there now, so lets start with one now 

Please download *AdwCleaner* by Xplode onto your desktop.

Double click on *AdwCleaner.exe* to run the tool.
Click on *Search*.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[R1].txt* as well.

eddie


----------



## ep2002 (Oct 31, 2006)

Oh wow, normally it's the same tools LOL I'm off to sleep in a minute.

Here you go & thank you 

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 11:46:51
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Michelle - EXOTIC-3C629299
# Boot Mode : Normal
# Running from : D:\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Found : C:\Documents and Settings\Administrator.EXOTIC-3C629299\Application Data\Mozilla\Firefox\Profiles\j2xpjb20.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Found : C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\FCTB
Folder Found : C:\Documents and Settings\Michelle\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Michelle\Local Settings\Application Data\OpenCandy
Folder Found : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Found : HKCU\Software\Billeo
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97ED3A9F-CD6F-473A-8FE1-7505C1B844C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97ED3A9F-CD6F-473A-8FE1-7505C1B844C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default 
File : C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\prefs.js

Found : user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 9);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", false);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 9);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1331271677994");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search[...]
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "hxxp%3A//www.exoticpu[...]
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0[...]
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0[...]
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20H[...]
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", false);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "107189974");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "c85b8a9a319447a585d3a5b3feaf76643bc[...]
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
Found : user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);
Found : user_pref("keyword.URL", "hxxp://srp.freecause.com/?ourmark=3&sid=100311&q=");
Found : user_pref("surfcanyon.added_to_searchbar", true);
Found : user_pref("surfcanyon.hourly_code", "scGetDocument = function() {return scIsFF ? content.document : [...]
Found : user_pref("surfcanyon.hourly_code2", "scGetSearchStringFromGoogleSerp_hourly = function() {var aTags[...]
Found : user_pref("surfcanyon.hourly_code_timestamp", "1261036557169");
Found : user_pref("surfcanyon.inst_id", "57820063877454955934641917451889");
Found : user_pref("surfcanyon.inst_timestamp", "1260585687378");
Found : user_pref("surfcanyon.last_seen_splash", "303");
Found : user_pref("surfcanyon.partner_code", "SC");

Profile name : New-Profile-05-28-12 [Profil par défaut]
File : C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\prefs.js

Found : user_pref("[email protected]", true);

Profile name : default 
File : C:\Documents and Settings\Administrator.EXOTIC-3C629299\Application Data\Mozilla\Firefox\Profiles\j2xpjb20.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8850 octets] - [04/11/2012 11:46:51]

########## EOF - C:\AdwCleaner[R1].txt - [8910 octets] ##########


----------



## eddie5659 (Mar 19, 2001)

Looks like you have a bit to remove, so after your sleep, can you do this 


Close all open programs and internet browsers.
Double click on *adwcleaner.exe* to run the tool.
Click on *Delete*.
Confirm each time with *Ok*.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at *C:\AdwCleaner[S1].txt* as well.


----------



## ep2002 (Oct 31, 2006)

Here you go...

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 13:07:24
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Michelle - EXOTIC-3C629299
# Boot Mode : Normal
# Running from : D:\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\Administrator.EXOTIC-3C629299\Application Data\Mozilla\Firefox\Profiles\j2xpjb20.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Deleted : C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\FCTB
Folder Deleted : C:\Documents and Settings\Michelle\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Michelle\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Billeo
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97ED3A9F-CD6F-473A-8FE1-7505C1B844C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97ED3A9F-CD6F-473A-8FE1-7505C1B844C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default 
File : C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\prefs.js

C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\user.js ... Deleted !

Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 9);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", false);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 9);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1331271677994");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "hxxp%3A//www.exoticpu[...]
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0[...]
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0[...]
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20H[...]
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", false);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "107189974");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "c85b8a9a319447a585d3a5b3feaf76643bc[...]
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);
Deleted : user_pref("keyword.URL", "hxxp://srp.freecause.com/?ourmark=3&sid=100311&q=");
Deleted : user_pref("surfcanyon.added_to_searchbar", true);
Deleted : user_pref("surfcanyon.hourly_code", "scGetDocument = function() {return scIsFF ? content.document : [...]
Deleted : user_pref("surfcanyon.hourly_code2", "scGetSearchStringFromGoogleSerp_hourly = function() {var aTags[...]
Deleted : user_pref("surfcanyon.hourly_code_timestamp", "1261036557169");
Deleted : user_pref("surfcanyon.inst_id", "57820063877454955934641917451889");
Deleted : user_pref("surfcanyon.inst_timestamp", "1260585687378");
Deleted : user_pref("surfcanyon.last_seen_splash", "303");
Deleted : user_pref("surfcanyon.partner_code", "SC");

Profile name : New-Profile-05-28-12 [Profil par défaut]
File : C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\prefs.js

Deleted : user_pref("[email protected]", true);

Profile name : default 
File : C:\Documents and Settings\Administrator.EXOTIC-3C629299\Application Data\Mozilla\Firefox\Profiles\j2xpjb20.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8979 octets] - [04/11/2012 11:46:51]
AdwCleaner[S1].txt - [9205 octets] - [04/11/2012 13:07:24]

########## EOF - C:\AdwCleaner[S1].txt - [9265 octets] ##########


----------



## ep2002 (Oct 31, 2006)

Just so you know, that program screwed with my TB passwords. I had to restart TB 3 times before I could finally get it working properly. TB kept asking me for the p/ws even though they had been in there before.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness, had some personal issue to look at this week, so not been online much 

Was it this program that keps popping up?

Billeo

If so, looks like it's a legit program, so I'll let the developers know.

---

In the meantime, can you delete any copies of OTL you have, and get a fresh one as follows:

Only the one log may appear 

Download *OTL* to your Desktop


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%windir%\system32\tasks\*.* /64
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## ep2002 (Oct 31, 2006)

Hi there,

How are you doing?

I hope your personal issues got resolved.

Ok, so I finally ran this & at first it hung so I had to reboot. I'm still having problems with the computer suddenly not recognizing USB sticks, my Kindle, Crash Plan, etc. It will show it & then 5 minutes later out of the blue it won't. I have to reboot & then all is fine.

Several times Online Armor wanted me to approve something OTL was doing which was bringing up the black boxes for cmd.exe. That concerned me as I've never seen that happen before. It happened about 4 times I had to approve it.

Is this normal?

Here's the results, but only one notepad opened up & I just ran the software from my downloads folder, so I don't know where it puts the results after that. If you can tell me, I'll try to find that other file...

OTL logfile created on: 11/13/2012 2:35:32 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 68.04% Memory free
6.09 Gb Paging File | 5.10 Gb Available in Paging File | 83.82% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 119.49 Gb Free Space | 80.89% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 126.86 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 147.66 Gb Free Space | 84.28% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 0.11 Gb Free Space | 3.07% Space Free | Partition Type: FAT32
Drive H: | 3.01 Gb Total Space | 2.91 Gb Free Space | 96.55% Space Free | Partition Type: FAT32

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/13 13:55:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012/11/05 21:20:00 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/11/05 21:19:08 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/11/05 21:19:07 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/10/03 15:41:20 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012/10/03 15:40:36 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\OAsrv.exe
PRC - [2012/10/03 15:39:07 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012/10/03 15:38:54 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/11 13:48:02 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2012/07/11 13:47:39 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/07 10:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2011/02/23 15:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2011/02/02 17:37:22 | 000,500,992 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2011/02/02 17:37:18 | 000,038,144 | ---- | M] (RingCentral, Inc.) -- C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2010/05/31 09:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Notes\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/08/18 17:27:06 | 005,137,648 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe

========== Modules (No Company Name) ==========

MOD - [2012/09/19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/07/11 13:47:43 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2012/07/11 13:47:39 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/05/12 18:10:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/03/26 13:47:33 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/04/13 23:19:48 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2011/04/13 23:19:48 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2011/04/13 23:19:48 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2011/04/13 23:19:48 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2011/04/13 23:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2011/04/13 23:19:48 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2011/04/13 23:19:48 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2011/04/13 23:19:48 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2011/04/13 23:19:48 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2011/04/13 23:19:48 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2011/04/13 23:19:48 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2011/04/13 23:19:47 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2011/04/13 23:19:47 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2011/04/13 23:19:47 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2011/04/13 23:19:46 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2011/04/13 23:19:46 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2011/04/13 23:19:46 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2011/04/13 23:19:46 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2011/04/13 23:19:46 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2011/04/13 23:19:46 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2011/04/13 23:19:45 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2011/04/13 23:19:45 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2011/04/13 23:19:45 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2011/04/13 23:19:45 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2011/04/13 23:19:45 | 000,234,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2011/04/13 23:19:44 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2011/04/13 23:19:44 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2011/04/13 23:19:44 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2011/04/13 23:19:44 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2011/04/13 23:19:44 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2011/04/13 23:19:43 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2011/04/13 23:19:42 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2011/04/13 23:19:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2011/04/13 23:19:41 | 000,078,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/02/02 17:38:46 | 001,049,856 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll
MOD - [2011/02/02 17:38:28 | 000,369,920 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll
MOD - [2011/02/02 17:31:32 | 001,548,288 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll
MOD - [2010/05/05 10:21:58 | 000,126,976 | ---- | M] () -- C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll
MOD - [2009/08/18 17:27:04 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 16:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/02/28 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2003/03/05 12:02:31 | 000,456,704 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
MOD - [2003/02/16 11:06:44 | 000,122,880 | ---- | M] () -- C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll

========== Services (SafeList) ==========

SRV - [2012/11/05 21:20:00 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/11/05 21:19:08 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/29 18:53:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/03 15:40:36 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/03 15:38:54 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 13:48:02 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/12/15 13:24:36 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/12/15 13:24:24 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/08 11:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- D:\Notes\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/26 12:40:16 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/10 20:08:44 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/20 12:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

========== Driver Services (SafeList) ==========

DRV - [2012/11/05 21:20:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/10/03 15:42:40 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/10/03 15:39:38 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/03 15:39:08 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/10/03 15:38:56 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/09/13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/02/14 21:44:58 | 007,585,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/01/14 15:02:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/20 01:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/10/07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/05/31 09:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Notes\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 09:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/02 21:06:12 | 000,011,520 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/02 21:06:11 | 000,071,424 | R--- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2008/07/24 00:55:23 | 000,007,296 | --S- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.SYS -- (EIO)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/02/27 11:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/23 15:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/09 02:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/03/02 02:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2006/11/15 22:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/04/24 15:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/02/17 09:28:32 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 09:28:30 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/24 17:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/07/20 12:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004/07/06 17:56:26 | 000,044,544 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D.sys -- (Video3D)
DRV - [2003/09/25 20:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.4
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.90.6
FF - prefs.js..extensions.enabledAddons: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.0.1.3
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: [email protected]:2.2
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.15
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.4
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.5
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.2
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/04 13:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/04 13:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/29 18:53:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/09 14:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
[2012/11/09 14:59:00 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/08/25 17:45:10 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/08/04 18:54:40 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:27 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/10/17 16:34:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\chrome
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\defaults
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\chrome
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\defaults
[2012/06/04 01:56:07 | 000,012,835 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:07 | 000,164,722 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/10/31 18:42:39 | 002,042,908 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/08/20 19:23:04 | 000,409,278 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:08 | 000,058,906 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/11/05 19:50:12 | 000,521,783 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:09 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/08/10 23:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/02/09 07:58:31 | 000,246,025 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/06 05:35:27 | 000,009,020 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/06/02 10:14:14 | 000,554,352 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{5e889f11-3738-6e34-f5ad-ccce03875424}.xpi
[2012/05/08 01:13:46 | 000,527,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi
[2012/01/06 03:17:00 | 000,634,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/10/19 04:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/28 15:05:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2012/08/31 01:13:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/19 04:25:22 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.8_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKU\S-1-5-21-725345543-1844237615-839522115-1003..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.EXOTIC-3C629299\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Tracker.lnk = C:\Program Files\Tracker\Tracker.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKU\S-1-5-21-725345543-1844237615-839522115-1003\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Michelle^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE - ()
MsConfig - StartUpReg: *Adobe ARM* - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: *Adobe Reader Speed Launcher* - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: *BrMfcWnd* - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: *BrStsMon00* - hkey= - key= - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: *ccleaner* - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: *ControlCenter3* - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: *ctfmon.exe* - hkey= - key= - File not found
MsConfig - StartUpReg: *Google Update* - hkey= - key= - C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: *googletalk* - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: *H/PC Connection Agent* - hkey= - key= - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
MsConfig - StartUpReg: *ICQ* - hkey= - key= - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
MsConfig - StartUpReg: *pdfFactory Dispatcher v3* - hkey= - key= - File not found
MsConfig - StartUpReg: *Personal Assistant* - hkey= - key= - C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
MsConfig - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: *RTHDCPL* - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: *StartCCC* - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: *Wondershare Helper Compact.exe* - hkey= - key= - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 02:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/29 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/10/21 01:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
[2012/10/20 04:43:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/20 04:43:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/20 04:43:41 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/19 04:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/11/13 14:47:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/11/13 14:42:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/11/13 14:29:10 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Tracker.lnk
[2012/11/13 14:27:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/13 14:27:29 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/13 14:26:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/13 14:11:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/12 21:42:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/11/12 12:01:40 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/08 13:14:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/07 07:32:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/07 02:15:43 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/11/05 21:20:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/10/31 03:05:30 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/10/21 01:29:53 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/10/18 23:26:08 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/18 23:26:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/11/07 02:15:43 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/21 01:29:52 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
[2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
[2008/08/03 22:38:23 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/08/10 23:32:56 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/08/10 23:32:56 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Thunderbird\Profiles\6huofoaa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2008/07/26 14:46:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/03/21 20:06:55 | 000,000,000 | ---D | M] -- C:\AMD
[2012/03/03 03:10:19 | 000,000,000 | ---D | M] -- C:\ATI
[2010/08/02 09:51:55 | 000,000,000 | ---D | M] -- C:\Brother
[2012/01/21 01:15:22 | 000,000,000 | ---D | M] -- C:\CASH
[2010/11/19 00:46:06 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012/01/02 14:08:15 | 000,000,000 | ---D | M] -- C:\ComboFix
[2012/11/13 14:31:09 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008/07/24 01:03:56 | 000,000,000 | ---D | M] -- C:\Corel
[2011/03/16 20:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2012/01/20 00:08:00 | 000,000,000 | ---D | M] -- C:\dostools
[2011/12/09 22:01:07 | 000,000,000 | ---D | M] -- C:\EVENTDB
[2009/01/17 17:21:41 | 000,000,000 | ---D | M] -- C:\found.000
[2011/12/10 09:38:09 | 000,000,000 | ---D | M] -- C:\found.001
[2012/02/14 14:27:40 | 000,000,000 | ---D | M] -- C:\found.002
[2010/04/29 19:15:37 | 000,000,000 | ---D | M] -- C:\Garmin
[2010/11/28 07:49:19 | 000,000,000 | ---D | M] -- C:\HP Disk
[2010/04/29 13:16:36 | 000,000,000 | ---D | M] -- C:\ICONS
[2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\INFECTED
[2010/04/29 13:17:46 | 000,000,000 | ---D | M] -- C:\INSTALL.DSK
[2012/03/21 02:46:41 | 000,000,000 | ---D | M] -- C:\Intel
[2011/12/09 04:59:04 | 000,000,000 | ---D | M] -- C:\LOGFILES
[2008/10/23 00:13:27 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008/07/24 13:38:03 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008/07/24 00:35:07 | 000,000,000 | ---D | M] -- C:\OFFICE
[2012/10/29 19:23:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/02/19 23:56:21 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/02/23 01:22:36 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/12/08 23:55:40 | 000,000,000 | ---D | M] -- C:\REPORTS
[2012/01/08 02:05:13 | 000,000,000 | ---D | M] -- C:\rsit
[2009/01/23 16:02:16 | 000,000,000 | ---D | M] -- C:\Samsung
[2012/11/11 17:37:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/22 15:24:39 | 000,000,000 | ---D | M] -- C:\Temp
[2012/02/19 23:56:22 | 000,000,000 | ---D | M] -- C:\Username123
[2012/03/12 23:39:53 | 000,000,000 | ---D | M] -- C:\vWorker
[2012/10/12 21:37:40 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2011/11/18 22:14:19 | 001,435,136 | ---- | M] () -- C:\WINDOWS\Installer\107c1596.msi
[2009/11/08 22:25:26 | 001,935,360 | R--- | M] () -- C:\WINDOWS\Installer\10bbab.msp
[2010/03/30 23:23:04 | 015,638,528 | R--- | M] () -- C:\WINDOWS\Installer\10bbb9.msp
[2009/01/14 14:43:58 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\10de3e8e.msp
[2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f8.mst
[2008/07/24 00:54:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\1251f9.mst
[2008/07/24 00:54:02 | 007,516,672 | ---- | M] () -- C:\WINDOWS\Installer\1251fd.msi
[2008/07/24 00:55:09 | 000,956,928 | ---- | M] () -- C:\WINDOWS\Installer\12520e.msi
[2008/07/24 00:55:26 | 000,903,680 | ---- | M] () -- C:\WINDOWS\Installer\125218.msi
[2008/07/24 00:55:44 | 016,722,944 | ---- | M] () -- C:\WINDOWS\Installer\125222.msi
[2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125224.mst
[2008/07/24 00:55:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\125225.mst
[2008/07/24 00:55:53 | 006,558,208 | ---- | M] () -- C:\WINDOWS\Installer\125229.msi
[2008/07/24 08:24:30 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\12d8435.msi
[2012/06/12 03:46:23 | 000,039,424 | ---- | M] () -- C:\WINDOWS\Installer\13db314.msi
[2012/06/12 03:46:26 | 020,343,808 | R--- | M] () -- C:\WINDOWS\Installer\13db31c.msp
[2011/12/26 09:59:58 | 004,368,896 | R--- | M] () -- C:\WINDOWS\Installer\14e9f811.msp
[2011/12/25 05:40:46 | 000,819,200 | R--- | M] () -- C:\WINDOWS\Installer\14e9f81a.msp
[2008/06/04 11:29:48 | 016,905,728 | R--- | M] () -- C:\WINDOWS\Installer\14ef95ea.msp
[2008/07/30 06:50:56 | 012,506,112 | R--- | M] () -- C:\WINDOWS\Installer\14ef9601.msp
[2012/08/02 10:29:26 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\14fb2b5e.msp
[2012/07/18 15:53:36 | 010,937,344 | R--- | M] () -- C:\WINDOWS\Installer\14fb2b68.msp
[2012/07/17 10:11:02 | 006,145,024 | R--- | M] () -- C:\WINDOWS\Installer\14fb2b7f.msp
[2012/07/17 10:17:04 | 022,363,136 | R--- | M] () -- C:\WINDOWS\Installer\14fb2b96.msp
[2012/06/26 18:03:12 | 003,875,840 | R--- | M] () -- C:\WINDOWS\Installer\14fb2b9f.msp
[2008/12/08 16:31:30 | 000,432,640 | ---- | M] () -- C:\WINDOWS\Installer\14fb364d.msi
[2008/10/17 08:03:18 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\14fb3663.msp
[2008/10/25 08:15:10 | 006,227,456 | R--- | M] () -- C:\WINDOWS\Installer\14fb367a.msp
[2008/09/24 11:05:44 | 016,381,440 | R--- | M] () -- C:\WINDOWS\Installer\14fb3683.msp
[2012/04/17 12:11:06 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1559b006.msp
[2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\1559b010.msp
[2012/04/27 15:09:22 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1559b027.msp
[2012/03/19 22:02:30 | 006,695,936 | R--- | M] () -- C:\WINDOWS\Installer\1559b03e.msp
[2012/04/09 16:50:24 | 006,829,568 | R--- | M] () -- C:\WINDOWS\Installer\1559b055.msp
[2012/04/06 03:13:32 | 016,527,872 | R--- | M] () -- C:\WINDOWS\Installer\1559b063.msp
[2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\1559b06d.msp
[2012/01/04 02:25:14 | 017,751,552 | R--- | M] () -- C:\WINDOWS\Installer\1559b07c.msp
[2011/12/22 16:50:54 | 000,256,000 | R--- | M] () -- C:\WINDOWS\Installer\1559b085.msp
[2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\1559b08f.msp
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\WINDOWS\Installer\1657c717.msp
[2011/11/17 10:55:20 | 005,522,944 | ---- | M] () -- C:\WINDOWS\Installer\1657c719.msp
[2011/01/17 15:06:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\171b66fa.msp
[2007/11/08 09:42:36 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\173cd7.msp
[2008/01/14 13:24:52 | 010,721,280 | R--- | M] () -- C:\WINDOWS\Installer\173ced.msp
[2008/01/14 14:53:34 | 005,213,696 | R--- | M] () -- C:\WINDOWS\Installer\173d03.msp
[2008/04/14 12:26:46 | 011,888,128 | R--- | M] () -- C:\WINDOWS\Installer\173d1a.msp
[2008/01/31 08:30:52 | 009,947,648 | R--- | M] () -- C:\WINDOWS\Installer\173d38.msp
[2008/02/29 20:09:58 | 016,907,776 | R--- | M] () -- C:\WINDOWS\Installer\173d4f.msp
[2008/04/01 12:33:20 | 005,479,936 | R--- | M] () -- C:\WINDOWS\Installer\173d69.msp
[2008/03/17 10:48:50 | 011,813,888 | R--- | M] () -- C:\WINDOWS\Installer\173d80.msp
[2008/06/11 13:05:06 | 009,994,240 | R--- | M] () -- C:\WINDOWS\Installer\173d9b.msp
[2010/01/27 16:53:46 | 006,820,864 | R--- | M] () -- C:\WINDOWS\Installer\187d0a98.msp
[2010/02/21 00:00:02 | 008,480,768 | R--- | M] () -- C:\WINDOWS\Installer\187d0aa2.msp
[2012/01/13 01:42:45 | 003,947,520 | ---- | M] () -- C:\WINDOWS\Installer\19ef7e82.msi
[2012/07/18 15:54:24 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\1adb9235.msp
[2012/08/06 13:24:02 | 007,682,560 | R--- | M] () -- C:\WINDOWS\Installer\1adb924c.msp
[2011/04/13 22:54:31 | 000,218,624 | ---- | M] () -- C:\WINDOWS\Installer\1b116437.msi
[2011/04/13 22:55:26 | 006,465,536 | ---- | M] () -- C:\WINDOWS\Installer\1b11643c.msi
[2011/04/13 23:12:55 | 026,428,928 | ---- | M] () -- C:\WINDOWS\Installer\1b212f4f.msi
[2011/04/13 23:13:42 | 001,100,288 | ---- | M] () -- C:\WINDOWS\Installer\1b212f57.msi
[2011/04/13 23:13:46 | 000,294,912 | ---- | M] () -- C:\WINDOWS\Installer\1b212f5f.msi
[2011/04/13 23:13:49 | 000,288,768 | ---- | M] () -- C:\WINDOWS\Installer\1b212f66.msi
[2011/04/13 23:13:50 | 000,182,784 | ---- | M] () -- C:\WINDOWS\Installer\1b212f6d.msi
[2011/04/13 23:13:55 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f74.msi
[2011/04/13 23:13:59 | 000,357,376 | ---- | M] () -- C:\WINDOWS\Installer\1b212f7b.msi
[2011/04/13 23:14:03 | 000,291,840 | ---- | M] () -- C:\WINDOWS\Installer\1b212f82.msi
[2011/04/13 23:14:29 | 000,548,352 | ---- | M] () -- C:\WINDOWS\Installer\1b212f89.msi
[2011/04/13 23:14:38 | 000,475,136 | ---- | M] () -- C:\WINDOWS\Installer\1b212f90.msi
[2011/04/13 23:14:40 | 000,181,248 | ---- | M] () -- C:\WINDOWS\Installer\1b212f97.msi
[2011/04/13 23:14:41 | 000,180,736 | ---- | M] () -- C:\WINDOWS\Installer\1b212f9e.msi
[2011/04/13 23:14:42 | 000,186,368 | ---- | M] () -- C:\WINDOWS\Installer\1b212fa5.msi
[2011/04/13 23:14:44 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\1b212fad.msi
[2011/04/13 23:14:51 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\1b212fb5.msi
[2011/04/13 23:14:53 | 000,370,688 | ---- | M] () -- C:\WINDOWS\Installer\1b212fbc.msi
[2011/04/13 23:14:56 | 000,295,936 | ---- | M] () -- C:\WINDOWS\Installer\1b212fc3.msi
[2011/04/13 23:14:58 | 002,035,200 | ---- | M] () -- C:\WINDOWS\Installer\1b212fca.msi
[2011/04/13 23:16:34 | 001,515,008 | ---- | M] () -- C:\WINDOWS\Installer\1b212fd2.msi
[2010/03/22 14:03:14 | 011,732,992 | R--- | M] () -- C:\WINDOWS\Installer\1b53d496.msp
[2010/03/11 10:03:40 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4ad.msp
[2010/03/11 19:16:30 | 004,148,224 | R--- | M] () -- C:\WINDOWS\Installer\1b53d4c4.msp
[2011/10/27 04:49:16 | 000,160,768 | ---- | M] () -- C:\WINDOWS\Installer\1c5d6f.msi
[2009/05/12 11:01:38 | 006,818,816 | R--- | M] () -- C:\WINDOWS\Installer\1c93e0.msp
[2009/04/04 05:35:30 | 038,325,760 | R--- | M] () -- C:\WINDOWS\Installer\1c9409.msp
[2009/05/28 10:32:54 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\1c9420.msp
[2009/04/23 15:57:12 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\1c9437.msp
[2009/04/24 10:30:16 | 002,583,552 | R--- | M] () -- C:\WINDOWS\Installer\1c9443.msp
[2009/05/04 05:46:14 | 008,299,008 | R--- | M] () -- C:\WINDOWS\Installer\1c944e.msp
[2012/04/04 05:17:36 | 016,613,376 | ---- | M] () -- C:\WINDOWS\Installer\1dab47ba.msp
[2012/04/17 22:08:50 | 001,769,984 | ---- | M] () -- C:\WINDOWS\Installer\1dd1d204.msi
[2010/08/24 07:49:22 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\1e7aff.msp
[2010/10/04 14:32:10 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\1e7b16.msp
[2010/08/23 15:09:02 | 007,673,344 | R--- | M] () -- C:\WINDOWS\Installer\1e7b2d.msp
[2009/10/22 11:28:50 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5936.msp
[2009/10/06 17:40:46 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\1f8e594d.msp
[2009/08/18 11:58:56 | 008,301,056 | R--- | M] () -- C:\WINDOWS\Installer\1f8e5957.msp
[2009/10/22 11:46:32 | 006,821,888 | R--- | M] () -- C:\WINDOWS\Installer\1f8e596e.msp
[2011/10/07 23:06:42 | 000,022,528 | ---- | M] () -- C:\WINDOWS\Installer\1f93262.msi
[2012/03/20 23:57:14 | 006,188,544 | R--- | M] () -- C:\WINDOWS\Installer\1fde943.msp
[2012/04/21 21:55:38 | 000,980,480 | R--- | M] () -- C:\WINDOWS\Installer\1fde94c.msp
[2010/11/26 23:57:53 | 000,454,656 | ---- | M] () -- C:\WINDOWS\Installer\2108b86.msi
[2011/06/28 20:27:28 | 004,028,928 | R--- | M] () -- C:\WINDOWS\Installer\212ded.msp
[2002/12/20 11:03:32 | 001,247,232 | ---- | M] () -- C:\WINDOWS\Installer\214066.msi
[2008/07/24 01:20:06 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140a3.msi
[2008/07/24 01:20:07 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140aa.msi
[2008/07/24 01:20:09 | 000,123,904 | ---- | M] () -- C:\WINDOWS\Installer\2140b1.msi
[2008/07/24 01:20:30 | 000,121,344 | ---- | M] () -- C:\WINDOWS\Installer\2140e4.msi
[2008/07/24 01:20:32 | 000,274,432 | ---- | M] () -- C:\WINDOWS\Installer\2140f0.msi
[2008/07/24 01:20:57 | 000,985,600 | ---- | M] () -- C:\WINDOWS\Installer\214134.msi
[2008/07/24 01:28:43 | 001,533,440 | ---- | M] () -- C:\WINDOWS\Installer\214155.msi
[2011/09/15 17:37:32 | 038,176,256 | R--- | M] () -- C:\WINDOWS\Installer\2183a2.msp
[2009/07/08 21:10:04 | 001,659,392 | ---- | M] () -- C:\WINDOWS\Installer\22388d37.msi
[2009/08/25 12:57:34 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\231086dd.msp
[2011/09/20 14:36:20 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\235a8d9c.msp
[2011/07/11 19:43:20 | 011,641,344 | R--- | M] () -- C:\WINDOWS\Installer\235a8da8.msp
[2012/03/21 20:08:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\Installer\23cb6a.msi
[2012/03/21 20:08:14 | 001,720,832 | ---- | M] () -- C:\WINDOWS\Installer\23cb72.msi
[2012/03/21 20:12:05 | 000,356,352 | ---- | M] () -- C:\WINDOWS\Installer\23cc9b.msi
[2012/03/21 20:12:07 | 000,265,728 | ---- | M] () -- C:\WINDOWS\Installer\23cca2.msi
[2012/03/21 20:12:08 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccaa.msi
[2012/03/21 20:12:10 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb1.msi
[2012/03/21 20:12:11 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccb8.msi
[2012/03/21 20:12:12 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccbf.msi
[2012/03/21 20:12:14 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccc6.msi
[2012/03/21 20:12:15 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cccd.msi
[2012/03/21 20:12:17 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccd4.msi
[2012/03/21 20:12:18 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23ccdb.msi
[2012/03/21 20:12:19 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cce2.msi
[2012/03/21 20:12:21 | 000,251,392 | ---- | M] () -- C:\WINDOWS\Installer\23cce9.msi
[2012/03/21 20:12:22 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf0.msi
[2012/03/21 20:12:24 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23ccf7.msi
[2012/03/21 20:12:25 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23ccfe.msi
[2012/03/21 20:12:26 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd05.msi
[2012/03/21 20:12:28 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd0c.msi
[2012/03/21 20:12:29 | 000,250,880 | ---- | M] () -- C:\WINDOWS\Installer\23cd13.msi
[2012/03/21 20:12:30 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd1a.msi
[2012/03/21 20:12:31 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd21.msi
[2012/03/21 20:12:33 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd28.msi
[2012/03/21 20:12:34 | 000,250,368 | ---- | M] () -- C:\WINDOWS\Installer\23cd2f.msi
[2012/03/21 20:12:35 | 000,249,344 | ---- | M] () -- C:\WINDOWS\Installer\23cd36.msi
[2012/03/21 20:12:37 | 000,251,904 | ---- | M] () -- C:\WINDOWS\Installer\23cd3d.msi
[2012/03/21 20:12:41 | 000,418,304 | ---- | M] () -- C:\WINDOWS\Installer\23cd44.msi
[2012/03/21 20:12:42 | 000,232,960 | ---- | M] () -- C:\WINDOWS\Installer\23cd4b.msi
[2012/03/21 20:12:59 | 001,136,128 | ---- | M] () -- C:\WINDOWS\Installer\23cd53.msi
[2009/07/01 11:21:28 | 008,891,904 | R--- | M] () -- C:\WINDOWS\Installer\24a1a268.msp
[2009/07/01 11:19:52 | 010,607,104 | R--- | M] () -- C:\WINDOWS\Installer\24a1a269.msp
[2009/08/05 00:11:20 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\24a1a280.msp
[2009/06/30 09:30:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\24d1dd6e.msp
[2009/05/21 20:04:59 | 000,301,056 | ---- | M] () -- C:\WINDOWS\Installer\253c0d99.msi
[2009/05/21 20:05:10 | 000,107,008 | ---- | M] () -- C:\WINDOWS\Installer\253c0da0.msi
[2009/05/21 20:05:23 | 000,059,904 | ---- | M] () -- C:\WINDOWS\Installer\253c0da7.msi
[2009/05/21 20:05:31 | 000,083,456 | ---- | M] () -- C:\WINDOWS\Installer\253c0dae.msi
[2009/05/21 20:06:23 | 000,152,576 | ---- | M] () -- C:\WINDOWS\Installer\253c0db5.msi
[2009/05/21 20:06:32 | 000,202,752 | ---- | M] () -- C:\WINDOWS\Installer\253c0dbc.msi
[2009/05/21 20:06:40 | 000,140,288 | ---- | M] () -- C:\WINDOWS\Installer\253c0dc4.msi
[2009/05/21 20:06:44 | 000,028,160 | ---- | M] () -- C:\WINDOWS\Installer\253c0dcb.msi
[2009/05/21 20:06:49 | 000,025,088 | ---- | M] () -- C:\WINDOWS\Installer\253c0dd7.msi
[2009/05/21 20:57:45 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\253c0df7.msi
[2009/12/01 15:41:08 | 000,429,568 | ---- | M] () -- C:\WINDOWS\Installer\28e45.msi
[2012/07/30 17:24:15 | 001,317,888 | ---- | M] () -- C:\WINDOWS\Installer\299db188.msi
[2008/11/05 21:18:51 | 000,355,328 | ---- | M] () -- C:\WINDOWS\Installer\2bb9aa36.msi
[2010/09/23 05:39:44 | 004,265,472 | R--- | M] () -- C:\WINDOWS\Installer\2c65945b.msp
[2010/09/23 19:02:28 | 000,798,208 | R--- | M] () -- C:\WINDOWS\Installer\2c659464.msp
[2012/01/15 04:27:20 | 000,430,592 | ---- | M] () -- C:\WINDOWS\Installer\2cc9d85.msi
[2011/11/17 10:55:20 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\2e0c146.msp
[2011/10/31 12:37:46 | 004,146,688 | R--- | M] () -- C:\WINDOWS\Installer\2e0c15e.msp
[2011/10/29 23:10:18 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\2e0c175.msp
[2011/11/01 13:34:30 | 001,552,384 | R--- | M] () -- C:\WINDOWS\Installer\2e0c17f.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\WINDOWS\Installer\2fabd.msp
[2010/04/21 15:46:50 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\30788.msp
[2009/10/16 16:07:18 | 006,115,328 | R--- | M] () -- C:\WINDOWS\Installer\3079f.msp
[2009/04/06 15:00:42 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\30f1a.msp
[2008/07/23 20:37:12 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\317a6.msi
[2009/09/21 14:53:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\32dbce93.msp
[2009/09/29 07:08:12 | 006,747,648 | R--- | M] () -- C:\WINDOWS\Installer\32dbceaa.msp
[2009/07/27 02:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\32dbceb4.msp
[2009/08/20 03:02:38 | 005,204,992 | R--- | M] () -- C:\WINDOWS\Installer\32dbcecb.msp
[2009/08/21 08:14:20 | 008,363,008 | R--- | M] () -- C:\WINDOWS\Installer\32dbcee8.msp
[2010/02/26 17:50:15 | 000,763,392 | ---- | M] () -- C:\WINDOWS\Installer\338312d.msi
[2011/05/23 13:15:48 | 003,617,792 | R--- | M] () -- C:\WINDOWS\Installer\34a4ce08.msp
[2009/06/08 21:31:49 | 000,912,384 | ---- | M] () -- C:\WINDOWS\Installer\34eff27c.msi
[2012/08/02 10:31:24 | 001,648,640 | ---- | M] () -- C:\WINDOWS\Installer\378b8.msi
[2012/06/29 14:33:46 | 006,063,616 | R--- | M] () -- C:\WINDOWS\Installer\3808ef1.msp
[2012/03/05 21:34:06 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\38e3d.msp
[2010/02/03 18:06:50 | 001,205,760 | ---- | M] () -- C:\WINDOWS\Installer\3df54d1d.msi
[2010/01/11 01:46:39 | 000,088,576 | ---- | M] () -- C:\WINDOWS\Installer\3e280242.msi
[2008/07/29 18:31:05 | 006,083,072 | R--- | M] () -- C:\WINDOWS\Installer\3e280243.msp
[2008/07/29 18:37:10 | 000,911,360 | R--- | M] () -- C:\WINDOWS\Installer\3e280244.msp
[2008/07/29 18:33:06 | 000,506,368 | R--- | M] () -- C:\WINDOWS\Installer\3e280245.msp
[2008/07/29 18:43:20 | 001,013,248 | R--- | M] () -- C:\WINDOWS\Installer\3e280246.msp
[2008/07/29 18:35:08 | 000,553,472 | R--- | M] () -- C:\WINDOWS\Installer\3e280247.msp
[2008/07/29 18:39:12 | 003,403,264 | R--- | M] () -- C:\WINDOWS\Installer\3e280248.msp
[2008/07/29 18:41:15 | 006,487,040 | R--- | M] () -- C:\WINDOWS\Installer\3e280249.msp
[2008/07/29 18:29:02 | 002,926,080 | R--- | M] () -- C:\WINDOWS\Installer\3e28024a.msp
[2008/07/29 18:45:26 | 002,543,616 | R--- | M] () -- C:\WINDOWS\Installer\3e28024b.msp
[2010/01/11 01:48:22 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Installer\3e2ac045.msi
[2008/07/29 22:07:18 | 000,023,040 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac046.msp
[2008/07/29 20:18:47 | 003,376,640 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac047.msp
[2008/07/29 21:22:41 | 004,137,984 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac048.msp
[2008/07/29 20:34:27 | 001,448,448 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac049.msp
[2008/07/29 22:15:12 | 003,697,664 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04a.msp
[2008/07/29 20:40:37 | 000,291,840 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04b.msp
[2008/07/29 21:37:55 | 002,679,808 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04c.msp
[2008/07/29 22:28:09 | 000,278,016 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04d.msp
[2008/07/29 20:26:24 | 001,043,456 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04e.msp
[2008/07/29 22:23:11 | 000,250,880 | R--- | M] () -- C:\WINDOWS\Installer\3e2ac04f.msp
[2010/01/11 01:49:37 | 000,648,192 | ---- | M] () -- C:\WINDOWS\Installer\3e2c48a2.msi
[2012/10/31 03:05:31 | 000,851,456 | ---- | M] () -- C:\WINDOWS\Installer\3e96057b.msi
[2010/09/24 00:25:13 | 005,241,344 | ---- | M] () -- C:\WINDOWS\Installer\3f3e1071.msi
[2010/09/24 01:12:02 | 003,969,024 | ---- | M] () -- C:\WINDOWS\Installer\3f6850ab.msi
[2012/04/06 02:12:34 | 015,709,696 | R--- | M] () -- C:\WINDOWS\Installer\4041a.msp
[2009/11/17 12:58:25 | 000,087,040 | ---- | M] () -- C:\WINDOWS\Installer\41f6646.msi
[2009/11/17 12:58:27 | 000,087,552 | ---- | M] () -- C:\WINDOWS\Installer\41f664d.msi
[2012/11/13 14:31:09 | 000,030,720 | ---- | M] () -- C:\WINDOWS\Installer\42d37.msi
[2008/07/24 01:47:17 | 000,020,992 | ---- | M] () -- C:\WINDOWS\Installer\43c29f.msi
[2008/10/20 09:18:14 | 006,474,240 | R--- | M] () -- C:\WINDOWS\Installer\43c52.msp
[2008/10/22 21:48:56 | 007,672,832 | R--- | M] () -- C:\WINDOWS\Installer\43c69.msp
[2008/10/22 21:43:52 | 006,820,352 | R--- | M] () -- C:\WINDOWS\Installer\43c80.msp
[2008/10/20 09:22:54 | 011,758,592 | R--- | M] () -- C:\WINDOWS\Installer\43c8a.msp
[2008/07/01 07:25:56 | 011,814,912 | R--- | M] () -- C:\WINDOWS\Installer\4520220b.msp
[2008/07/28 12:59:08 | 000,180,736 | R--- | M] () -- C:\WINDOWS\Installer\45202221.msp
[2008/06/11 12:02:44 | 000,830,464 | R--- | M] () -- C:\WINDOWS\Installer\45202237.msp
[2008/07/08 09:27:36 | 008,436,736 | R--- | M] () -- C:\WINDOWS\Installer\4520224e.msp
[2008/07/16 08:39:56 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\45202265.msp
[2008/07/08 08:09:30 | 011,887,616 | R--- | M] () -- C:\WINDOWS\Installer\4520227c.msp
[2011/08/17 10:13:19 | 000,019,968 | ---- | M] () -- C:\WINDOWS\Installer\45bd00cc.msi
[2009/03/20 10:48:56 | 000,183,808 | R--- | M] () -- C:\WINDOWS\Installer\4653d0d8.msp
[2008/12/13 08:57:24 | 008,397,824 | R--- | M] () -- C:\WINDOWS\Installer\4653d0e9.msp
[2008/12/13 09:21:36 | 010,473,472 | R--- | M] () -- C:\WINDOWS\Installer\4653d0f5.msp
[2008/12/13 08:58:22 | 000,754,688 | R--- | M] () -- C:\WINDOWS\Installer\4653d102.msp
[2009/08/14 19:32:40 | 011,110,912 | R--- | M] () -- C:\WINDOWS\Installer\4653d10d.msp
[2010/08/25 15:06:30 | 006,479,360 | R--- | M] () -- C:\WINDOWS\Installer\487d4853.msp
[2010/08/20 11:50:16 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\487d486a.msp
[2010/08/05 08:57:58 | 004,066,304 | R--- | M] () -- C:\WINDOWS\Installer\487d488f.msp
[2012/09/11 14:14:38 | 000,873,984 | ---- | M] () -- C:\WINDOWS\Installer\4968219.msi
[2012/09/11 14:15:27 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Installer\496822b.msi
[2009/04/24 10:31:18 | 001,425,920 | R--- | M] () -- C:\WINDOWS\Installer\49cc3.msp
[2009/05/01 13:49:44 | 004,328,960 | R--- | M] () -- C:\WINDOWS\Installer\49cdb.msp
[2009/08/05 23:42:25 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75d4.msi
[2009/08/05 23:42:32 | 000,195,584 | ---- | M] () -- C:\WINDOWS\Installer\4f6f75db.msi
[2010/06/30 20:52:28 | 005,522,944 | R--- | M] () -- C:\WINDOWS\Installer\50d2c.msp
[2010/06/11 15:55:00 | 001,827,328 | R--- | M] () -- C:\WINDOWS\Installer\50d44.msp
[2010/06/11 15:52:10 | 045,542,912 | R--- | M] () -- C:\WINDOWS\Installer\50d45.msp
[2010/05/25 09:45:58 | 008,445,440 | R--- | M] () -- C:\WINDOWS\Installer\50d5d.msp
[2008/11/05 13:25:16 | 005,518,336 | R--- | M] () -- C:\WINDOWS\Installer\51d58.msp
[2012/06/20 22:16:16 | 000,213,504 | ---- | M] () -- C:\WINDOWS\Installer\5215c0e.msi
[2009/07/22 15:22:05 | 001,091,584 | ---- | M] () -- C:\WINDOWS\Installer\58c467a.msi
[2009/07/22 15:22:07 | 000,084,480 | ---- | M] () -- C:\WINDOWS\Installer\58c4681.msi
[2008/12/12 10:09:40 | 005,517,824 | R--- | M] () -- C:\WINDOWS\Installer\5bc17de.msp
[2009/03/05 13:40:52 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\5bf94773.msp
[2009/02/25 17:07:14 | 011,646,464 | R--- | M] () -- C:\WINDOWS\Installer\5bf9477d.msp
[2012/11/01 09:43:08 | 000,349,696 | ---- | M] () -- C:\WINDOWS\Installer\5c3fdab.msi
[2010/03/28 12:38:02 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\5da72f.msi
[2011/01/11 15:50:38 | 008,177,152 | R--- | M] () -- C:\WINDOWS\Installer\624977a9.msp
[2011/03/03 09:25:14 | 005,051,904 | R--- | M] () -- C:\WINDOWS\Installer\624977c0.msp
[2011/03/17 18:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\624977ca.msp
[2010/11/20 21:34:34 | 001,198,080 | R--- | M] () -- C:\WINDOWS\Installer\624977d4.msp
[2011/02/11 18:47:00 | 012,028,928 | R--- | M] () -- C:\WINDOWS\Installer\624977e1.msp
[2011/04/05 10:52:16 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\624977f8.msp
[2011/02/24 07:38:52 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\6249780f.msp
[2011/01/27 12:49:14 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\62497826.msp
[2010/07/10 18:14:14 | 002,850,816 | R--- | M] () -- C:\WINDOWS\Installer\6361e.msp
[2008/07/24 02:42:00 | 000,431,104 | ---- | M] () -- C:\WINDOWS\Installer\6362e.msi
[2010/07/26 15:02:46 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\63635.msp
[2010/05/19 11:08:52 | 011,408,896 | R--- | M] () -- C:\WINDOWS\Installer\63641.msp
[2010/06/28 20:53:16 | 006,819,840 | R--- | M] () -- C:\WINDOWS\Installer\63658.msp
[2010/06/28 14:01:18 | 007,677,952 | R--- | M] () -- C:\WINDOWS\Installer\6366f.msp
[2009/11/20 14:00:24 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\642cceb3.msp
[2009/09/09 14:40:48 | 000,632,320 | R--- | M] () -- C:\WINDOWS\Installer\642cceca.msp
[2009/12/16 21:58:22 | 005,382,144 | R--- | M] () -- C:\WINDOWS\Installer\642ccee4.msp
[2011/07/27 06:39:50 | 009,892,352 | R--- | M] () -- C:\WINDOWS\Installer\64e51e6.msp
[2011/09/06 20:48:02 | 008,181,248 | R--- | M] () -- C:\WINDOWS\Installer\64e51f0.msp
[2011/07/21 11:34:34 | 003,456,000 | R--- | M] () -- C:\WINDOWS\Installer\64e51fd.msp
[2011/08/16 11:35:02 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\64e5213.msp
[2011/07/26 07:17:10 | 006,824,960 | R--- | M] () -- C:\WINDOWS\Installer\64e522a.msp
[2011/07/26 15:33:48 | 010,984,448 | R--- | M] () -- C:\WINDOWS\Installer\64e5241.msp
[2011/08/10 16:43:30 | 003,795,968 | R--- | M] () -- C:\WINDOWS\Installer\64e524b.msp
[2011/04/29 11:30:12 | 001,197,056 | R--- | M] () -- C:\WINDOWS\Installer\65584a30.msp
[2011/06/16 10:48:15 | 000,467,456 | ---- | M] () -- C:\WINDOWS\Installer\65584a43.msi
[2011/04/29 12:04:54 | 005,053,440 | R--- | M] () -- C:\WINDOWS\Installer\65584a59.msp
[2011/04/29 11:33:30 | 008,173,568 | R--- | M] () -- C:\WINDOWS\Installer\65584a63.msp
[2011/05/17 17:28:52 | 006,862,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a7a.msp
[2011/05/20 16:31:56 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\65584a91.msp
[2011/04/27 18:51:18 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\65584aa8.msp
[2011/06/16 10:54:14 | 000,223,744 | ---- | M] () -- C:\WINDOWS\Installer\65584ab1.msi
[2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\65584aba.msp
[2010/03/30 10:34:48 | 003,826,688 | R--- | M] () -- C:\WINDOWS\Installer\66e22.msp
[2010/05/03 14:06:36 | 005,053,952 | R--- | M] () -- C:\WINDOWS\Installer\66e39.msp
[2010/04/24 15:10:46 | 008,486,400 | R--- | M] () -- C:\WINDOWS\Installer\66e43.msp
[2010/02/24 22:14:38 | 000,543,232 | R--- | M] () -- C:\WINDOWS\Installer\66e52.msp
[2010/04/11 20:17:10 | 004,210,688 | R--- | M] () -- C:\WINDOWS\Installer\66e5f.msp
[2010/04/11 20:17:08 | 002,607,104 | R--- | M] () -- C:\WINDOWS\Installer\66e60.msp
[2010/04/11 20:17:12 | 014,599,680 | R--- | M] () -- C:\WINDOWS\Installer\66e70.msp
[2010/05/10 15:17:22 | 005,520,896 | R--- | M] () -- C:\WINDOWS\Installer\66e87.msp
[2010/05/04 20:25:30 | 007,681,024 | R--- | M] () -- C:\WINDOWS\Installer\66e9e.msp
[2010/05/03 14:11:42 | 004,149,760 | R--- | M] () -- C:\WINDOWS\Installer\66eb5.msp
[2010/04/24 15:09:46 | 011,750,912 | R--- | M] () -- C:\WINDOWS\Installer\66ebf.msp
[2010/05/03 14:27:52 | 006,825,472 | R--- | M] () -- C:\WINDOWS\Installer\66ed6.msp
[2010/05/11 09:30:58 | 011,194,880 | R--- | M] () -- C:\WINDOWS\Installer\66eed.msp
[2009/05/10 17:01:12 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\6dfbd.msi
[2010/01/19 17:29:16 | 005,050,368 | R--- | M] () -- C:\WINDOWS\Installer\72a0146.msp
[2010/01/19 16:51:12 | 005,524,480 | R--- | M] () -- C:\WINDOWS\Installer\72a015d.msp
[2007/07/21 12:26:34 | 007,574,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1806.msp
[2008/04/18 13:56:18 | 006,215,680 | R--- | M] () -- C:\WINDOWS\Installer\732b1811.msp
[2007/10/14 22:33:24 | 026,646,016 | R--- | M] () -- C:\WINDOWS\Installer\732b1827.msp
[2008/07/29 22:20:14 | 011,767,296 | R--- | M] () -- C:\WINDOWS\Installer\732b1831.msp
[2008/08/11 10:49:32 | 022,457,344 | R--- | M] () -- C:\WINDOWS\Installer\732b183b.msp
[2008/06/19 17:28:04 | 001,573,376 | R--- | M] () -- C:\WINDOWS\Installer\732b1846.msp
[2008/08/11 10:51:14 | 015,916,544 | R--- | M] () -- C:\WINDOWS\Installer\732b1850.msp
[2008/08/13 13:49:34 | 011,816,960 | R--- | M] () -- C:\WINDOWS\Installer\732b1867.msp
[2007/07/27 07:03:06 | 119,977,472 | R--- | M] () -- C:\WINDOWS\Installer\766131.msp
[2008/08/03 17:42:07 | 000,470,528 | ---- | M] () -- C:\WINDOWS\Installer\766139.msi
[2008/06/10 12:09:22 | 005,517,312 | R--- | M] () -- C:\WINDOWS\Installer\766150.msp
[2005/10/26 12:59:54 | 002,883,072 | R--- | M] () -- C:\WINDOWS\Installer\766167.msp
[2012/01/25 14:55:08 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\79d6c.msp
[2011/10/30 22:54:38 | 002,748,416 | R--- | M] () -- C:\WINDOWS\Installer\79d75.msp
[2008/07/23 22:52:25 | 005,922,816 | ---- | M] () -- C:\WINDOWS\Installer\7e0c8b.msi
[2009/12/11 09:29:56 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\7eb2e.msp
[2011/12/06 15:22:40 | 005,519,360 | R--- | M] () -- C:\WINDOWS\Installer\858ed0f.msp
[2009/08/12 11:38:16 | 000,637,952 | ---- | M] () -- C:\WINDOWS\Installer\9473cab.msi
[2009/08/12 12:31:34 | 000,799,232 | ---- | M] () -- C:\WINDOWS\Installer\977f5fc.msi
[2009/08/12 12:35:45 | 000,404,480 | ---- | M] () -- C:\WINDOWS\Installer\977f60c.msi
[2012/02/02 23:56:22 | 000,963,584 | R--- | M] () -- C:\WINDOWS\Installer\9c203.msp
[2012/03/28 18:10:04 | 012,098,048 | R--- | M] () -- C:\WINDOWS\Installer\9c21a.msp
[2012/03/22 13:09:58 | 005,521,920 | R--- | M] () -- C:\WINDOWS\Installer\9c231.msp
[2011/07/26 12:50:18 | 005,522,432 | R--- | M] () -- C:\WINDOWS\Installer\a09b9.msp
[2011/05/01 23:06:16 | 002,705,920 | R--- | M] () -- C:\WINDOWS\Installer\a09c2.msp
[2009/02/11 13:02:00 | 005,519,872 | R--- | M] () -- C:\WINDOWS\Installer\a83efb3.msp
[2012/10/21 01:29:53 | 000,057,856 | ---- | M] () -- C:\WINDOWS\Installer\ac079aa.msi
[2010/07/25 20:02:03 | 001,094,656 | ---- | M] () -- C:\WINDOWS\Installer\afd4fc8.msi
[2011/02/22 09:32:12 | 005,520,384 | R--- | M] () -- C:\WINDOWS\Installer\b4687ec.msp
[2010/10/01 20:53:12 | 004,147,712 | R--- | M] () -- C:\WINDOWS\Installer\b89d6a5.msp
[2010/12/06 14:02:34 | 005,518,848 | R--- | M] () -- C:\WINDOWS\Installer\b89d6bc.msp
[2010/11/12 10:08:30 | 000,889,344 | R--- | M] () -- C:\WINDOWS\Installer\b89d6d7.msp
[2010/10/22 14:45:16 | 008,444,928 | R--- | M] () -- C:\WINDOWS\Installer\b89d6ef.msp
[2012/10/09 14:12:28 | 000,027,648 | ---- | M] () -- C:\WINDOWS\Installer\ba0465a.msi
[2011/11/03 13:31:36 | 005,525,504 | R--- | M] () -- C:\WINDOWS\Installer\babef.msp
[2011/04/08 20:17:28 | 000,004,608 | ---- | M] () -- C:\WINDOWS\Installer\c1a34e.msi
[2012/06/06 23:43:46 | 009,474,048 | ---- | M] () -- C:\WINDOWS\Installer\c2675e5.msi
[2012/06/06 23:46:57 | 001,530,368 | ---- | M] () -- C:\WINDOWS\Installer\c26761f.msi
[2012/04/08 17:50:56 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Installer\caebb2b.msi
[2012/04/08 20:33:27 | 002,991,104 | ---- | M] () -- C:\WINDOWS\Installer\d40c8f0.msi
[2010/04/29 19:20:37 | 001,571,840 | ---- | M] () -- C:\WINDOWS\Installer\d5a53e.msi
[2012/03/21 02:43:38 | 000,031,744 | ---- | M] () -- C:\WINDOWS\Installer\d66cf.msi
[2012/09/16 04:11:21 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\df06627.msi
[2010/10/22 12:25:02 | 005,521,408 | R--- | M] () -- C:\WINDOWS\Installer\e356b0.msp
[2010/10/01 16:42:36 | 005,054,464 | R--- | M] () -- C:\WINDOWS\Installer\e356c7.msp
[2010/10/14 15:57:14 | 011,189,248 | R--- | M] () -- C:\WINDOWS\Installer\e356de.msp
[2010/09/17 05:04:16 | 009,401,856 | R--- | M] () -- C:\WINDOWS\Installer\e356e8.msp
[2011/12/08 19:39:53 | 000,493,056 | ---- | M] () -- C:\WINDOWS\Installer\f40771a.msi
[2012/03/27 09:47:55 | 004,959,232 | R--- | M] () -- C:\WINDOWS\Installer\f47ef79.msp
[2011/01/18 22:36:00 | 002,687,488 | R--- | M] () -- C:\WINDOWS\Installer\f767c67.msp
[2011/03/28 02:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\f767c75.msp
[2009/07/08 21:08:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{8355F970-601D-442D-A79B-1D7DB4F24CAD}.SchedServiceConfig.rmi
[2010/01/22 16:33:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi
[2009/07/20 16:22:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}.SchedServiceConfig.rmi
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %windir%\system32\tasks\*.* /64 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ERDNT\cache\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008/04/13 18:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe
[2006/02/28 06:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/02/28 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/02/28 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: EXOTIC-3C629299
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B 
Volume 1 C NTFS Partition 148 GB Healthy System 
Volume 2 D NTFS Partition 143 GB Healthy 
Volume 3 E NTFS Partition 175 GB Healthy 
Volume 4 G KINGSTON FAT32 Removeable 3741 MB

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks 

A lot better now, so feeling on top of things again 

------

I'll have a think about the usb's as well 

I'll have a look at the log in a second, but can you re-run with OTL as follows, and only the one log will appear:


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Select 
*All Users*
*LOP Check*
*Purity Check*

Under the *Standard Registry* box change it to *All*

Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.


----------



## eddie5659 (Mar 19, 2001)

Please download *aswMBR* ( 4.5MB ) to your desktop.

Double click the *aswMBR.exe* icon, and click *Run*.
When asked if you'd like to "download the latest Avast! virus definitions", click *Yes*.
Click the *Scan* button to start the scan.
On completion of the scan, click the *save log* button, save it to your *desktop*, then copy and paste it in your next reply.


----------



## ep2002 (Oct 31, 2006)

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 00:55:53
-----------------------------
00:55:53.109 OS Version: Windows 5.1.2600 Service Pack 3
00:55:53.109 Number of processors: 2 586 0xF06
00:55:53.109 ComputerName: EXOTIC-3C629299 UserName: Michelle
00:56:09.312 Initialize success
01:02:54.437 AVAST engine defs: 12111601
01:03:34.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10
01:03:34.750 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
01:03:34.765 Disk 0 MBR read successfully
01:03:34.765 Disk 0 MBR scan
01:03:34.796 Disk 0 Windows XP default MBR code
01:03:34.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 151260 MB offset 63
01:03:34.828 Disk 0 Partition - 00 0F Extended LBA 325677 MB offset 309781395
01:03:34.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 146255 MB offset 309781458
01:03:34.859 Disk 0 Partition - 00 05 Extended 179421 MB offset 609313320
01:03:34.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 179421 MB offset 609313383
01:03:34.906 Disk 0 scanning sectors +976768065
01:03:34.984 Disk 0 scanning C:\WINDOWS\system32\drivers
01:03:49.718 Service scanning
01:04:06.078 Modules scanning
01:04:10.718 Disk 0 trace - called modules:
01:04:10.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
01:04:10.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0eeab8]
01:04:10.750 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b12b968]
01:04:10.750 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-10[0x8b118b00]
01:04:15.968 AVAST engine scan C:\WINDOWS
01:04:25.093 AVAST engine scan C:\WINDOWS\system32
01:07:27.312 AVAST engine scan C:\WINDOWS\system32\drivers
01:07:44.265 AVAST engine scan C:\Documents and Settings\Michelle
01:15:34.250 AVAST engine scan C:\Documents and Settings\All Users
01:17:19.312 Scan finished successfully
01:19:07.234 Disk 0 MBR has been saved successfully to "D:\Notes\ASWMBR\MBR.dat"
01:19:07.265 The log file has been saved successfully to "D:\Notes\ASWMBR\aswMBR-11-16-12.txt"


----------



## ep2002 (Oct 31, 2006)

Here you go...

OTL logfile created on: 11/17/2012 1:38:42 AM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 67.30% Memory free
6.09 Gb Paging File | 5.07 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.72 Gb Total Space | 119.09 Gb Free Space | 80.62% Space Free | Partition Type: NTFS
Drive D: | 142.83 Gb Total Space | 126.85 Gb Free Space | 88.81% Space Free | Partition Type: NTFS
Drive E: | 175.22 Gb Total Space | 147.63 Gb Free Space | 84.26% Space Free | Partition Type: NTFS
Drive G: | 3.65 Gb Total Space | 0.18 Gb Free Space | 4.93% Space Free | Partition Type: FAT32

Computer Name: EXOTIC-3C629299 | User Name: Michelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Tracker\service\Screenshot.exe ()
PRC - C:\Program Files\Tracker\Tracker.exe ()
PRC - C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\OAsrv.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
PRC - C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
PRC - C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
PRC - C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
PRC - D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll ()
MOD - C:\Program Files\Tracker\service\Screenshot.exe ()
MOD - C:\Program Files\Tracker\Tracker.exe ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\CrashPlan\md5.dll ()
MOD - C:\Program Files\CrashPlan\cpnative.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Program Files\RingCentral\RingCentral Call Controller\RCTH.dll ()
MOD - C:\Program Files\RingCentral\RingCentral Call Controller\RCABEx.dll ()
MOD - C:\Program Files\RingCentral\RingCentral Call Controller\Characters\RCSPSkSPVista.dll ()
MOD - C:\Program Files\RingCentral\RingCentral Call Controller\NetFixDll.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\tsd32.dll ()
MOD - C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
MOD - C:\Program Files\Shelltoys\Personal Assistant\tcdbtext.dll ()

========== Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\OAsrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
SRV - (LMIMaint) -- D:\Notes\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- D:\Notes\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (LogMeIn) -- D:\Notes\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)

========== Driver Services (SafeList) ==========

DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (TrueSight) -- C:\WINDOWS\system32\drivers\TrueSight.sys ()
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (LMIInfo) -- D:\Notes\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (BrUsbSIb) -- C:\WINDOWS\system32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (BrSerIb) -- C:\WINDOWS\system32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.SYS (ASUSTeK Computer Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D.sys (ASUSTeK COMPUTER INC.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C 95 A5 63 2D 6B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.exoticpublishing.com/adminDB/freelancers_maintenance.php|http://exoticpublishing.hyperoffice.com/|https://www.mcssl.com/Netcart/login/login.asp?pr=6|https://www.secure-ebook.com/login.jsp?myAction=login|http://www.mimeo.com/|http://www.fiverr.com/|http://www.odesk.com|http://66.7.214.224/cpanel/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.4
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.90.6
FF - prefs.js..extensions.enabledAddons: {b442f4c0-c292-4998-aabe-48608a73ba75}:1.0.1.3
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: [email protected]:2.2
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.15
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.4
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.5
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.2
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.5.1
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:13.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/22 15:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/04 13:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/04 13:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/29 18:53:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions
[2010/03/07 07:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/14 19:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/11/16 13:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions
[2012/11/09 14:59:00 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/11/15 20:09:09 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/08/04 18:54:40 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:27 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/10/17 16:34:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\chrome
[2012/07/21 04:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]\defaults
[2012/06/27 00:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions
[2012/05/23 03:55:55 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/27 15:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/28 23:28:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/18 02:55:25 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}-trash
[2009/12/17 16:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}-trash
[2010/08/29 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}-trash
[2012/05/31 06:47:34 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/08 23:46:56 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/04/20 12:37:07 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (FreePriceAlerts.com) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/19 19:11:13 | 000,000,000 | ---D | M] ("StretchClock") -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/06/26 23:26:07 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/04/20 14:14:39 | 000,000,000 | ---D | M] (WASP) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2010/05/28 14:52:59 | 000,000,000 | ---D | M] (Xsticky-Tool) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\chrome
[2012/05/11 19:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]\defaults
[2012/06/04 01:56:07 | 000,012,835 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:07 | 000,164,722 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/10/31 18:42:39 | 002,042,908 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/08/20 19:23:04 | 000,409,278 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:08 | 000,058,906 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/11/16 13:57:50 | 000,549,807 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\[email protected]
[2012/06/04 01:56:09 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/02/09 07:58:31 | 000,246,025 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/25 00:28:56 | 000,012,835 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/02/23 23:54:43 | 000,164,722 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/06 05:35:27 | 000,009,020 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2011/11/17 22:45:04 | 000,058,906 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\[email protected]
[2012/05/26 02:14:50 | 000,336,363 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/06/02 10:14:14 | 000,554,352 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{5e889f11-3738-6e34-f5ad-ccce03875424}.xpi
[2012/05/08 01:13:46 | 000,527,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi
[2011/06/24 19:22:44 | 000,025,217 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75}.xpi
[2012/01/06 03:17:00 | 000,634,964 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/21 02:46:48 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012/03/08 23:41:17 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\vc1po946.default\searchplugins\search-the-web.xml
[2012/10/19 04:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/28 15:05:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/19 04:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}-trash
[2012/10/28 15:05:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/10 19:56:39 | 000,583,528 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInst11.dll
[2007/03/22 17:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2012/03/26 09:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012/06/06 23:44:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/06/06 23:44:34 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/06/06 23:44:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/06/06 23:44:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/06/06 23:44:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/06/06 23:44:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/06/06 23:44:35 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/08/31 01:13:57 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/08/31 01:13:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/31 01:13:57 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/08/31 01:13:57 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/10/19 04:25:22 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/08/31 01:13:57 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/08/31 01:13:57 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Michelle\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 11.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInst11.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.8_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: LastPass = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\

O1 HOSTS File: ([2012/02/19 23:54:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] D:\Notes\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Michelle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe ()
O4 - HKCU..\Run: [RCHotKey] C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Michelle\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Tracker.lnk = C:\Program Files\Tracker\Tracker.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: exoticpublishing.com ([]https in Trusted sites)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} http://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab (RingCentral Message Player Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssupport.webex.com/client/T27L10NSP11EP13-5395-linksyssupport/support/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C63AB7-91F2-4939-82A0-88C6628A5C31}: DhcpNameServer = 8.15.12.5 8.5.244.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E4F7C4-7DC6-489A-9574-0FF705F312F3}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 20:31:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 14:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2012/11/15 14:47:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/11/07 02:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/10/29 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/10/21 01:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Web Dimensions
[2012/10/20 04:43:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/20 04:43:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/20 04:43:41 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/19 04:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/26 23:26:10 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/11/17 01:47:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF2BBE8E-6664-4FF1-98F7-FD126014864A}.job
[2012/11/17 01:42:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003UA.job
[2012/11/17 01:33:44 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\Michelle\Start Menu\Programs\Startup\Tracker.lnk
[2012/11/17 01:32:38 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/17 01:32:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/17 01:30:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/17 01:30:17 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/17 01:11:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/17 00:01:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/16 23:59:29 | 000,430,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/16 23:59:29 | 000,066,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/16 21:42:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1844237615-839522115-1003Core.job
[2012/11/15 00:32:59 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Michelle\Desktop\IrfanView.lnk
[2012/11/14 07:32:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/14 05:02:12 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/11/14 05:02:11 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/11/14 05:02:11 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/11/12 12:01:40 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/08 13:14:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/11/07 02:15:43 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/31 03:05:30 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2012/10/22 02:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 02:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/10/21 01:29:53 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/10/18 23:26:08 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/18 23:26:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/11/07 02:15:43 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/10/21 01:29:52 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICCPro.lnk
[2012/05/29 03:44:37 | 000,069,037 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\Doxillion.dmp
[2012/04/08 18:44:58 | 000,123,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/08 00:50:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Michelle\PUTTY.RND
[2012/02/14 14:32:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 00:04:37 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/01/20 00:04:37 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/01/08 01:59:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/22 15:26:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/09/10 16:24:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\pathping
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Trace
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Source
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Hop
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\eonda.net
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\Computing
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\8
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\7
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\6
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\[192.168.1.101]
[2011/09/10 16:10:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\.26.49]
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\over
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\5
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\4
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\3
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\2
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\1
[2011/09/10 16:10:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\0
[2011/05/06 12:19:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2011/02/22 18:18:25 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/02/22 18:18:25 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/02/22 18:17:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/02/22 18:16:51 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/02/22 18:16:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/01/03 13:49:39 | 000,166,704 | ---- | C] () -- C:\WINDOWS\System32\R0tiff.dll
[2010/11/18 23:40:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michelle\defogger_reenable
[2009/06/08 21:32:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Michelle\Application Data\$_hpcst$.hpc
[2009/02/16 05:59:24 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Michelle\clipdat2.rdf
[2008/08/03 22:38:23 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Michelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Michelle\Application Data\Thunderbird\Profiles\6huofoaa.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2008/07/26 14:46:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/03 18:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2012/01/06 05:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chit Chat For Facebook
[2011/12/05 17:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/08/26 12:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/07/30 17:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2008/09/26 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/10/05 11:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2008/07/28 21:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2009/08/12 12:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/22 01:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2011/11/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/01/07 14:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/09/06 16:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/06/01 01:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/02/21 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/08/02 01:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2012/04/16 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/06/14 16:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/07/24 01:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/08 21:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 22:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/08/20 08:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\acccore
[2010/08/29 12:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Auslogics
[2012/07/26 18:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\calibre
[2009/11/24 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CBS Interactive
[2008/07/24 02:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/09 14:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.elance.tracker
[2012/04/08 17:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.infomastery.linkbounder-rmv
[2012/06/17 22:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\com.webdimensions.instant-content-curator-pro
[2012/07/30 17:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\CrashPlan
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Domain Name Analyzer v4.1
[2012/06/21 03:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Downloaded Installations
[2012/11/17 01:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Dropbox
[2009/07/17 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eBookPro6
[2008/09/26 22:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eFax Messenger
[2008/12/24 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\eMusic
[2012/06/21 03:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\FileOpen
[2010/04/29 19:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\GARMIN
[2008/09/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ICQ
[2009/11/11 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Image Zone Express
[2011/01/03 17:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\ImgBurn
[2008/09/26 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\j2 Global
[2011/11/29 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\mjusbsp
[2012/01/07 14:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\NCH Swift Sound
[2008/08/07 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nexon
[2012/06/21 03:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Nitro PDF
[2012/01/20 00:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OnlineArmor
[2012/02/28 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\OpenOffice.org
[2010/09/01 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Password Manager
[2010/07/28 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Recordpad
[2012/08/01 01:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Runscanner.net
[2011/04/28 01:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Skinux
[2010/04/27 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SmartDraw
[2012/02/27 00:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Softnik Technologies
[2012/03/21 02:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\SystemRequirementsLab
[2012/08/06 18:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TeamViewer
[2010/03/07 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\Thunderbird
[2011/10/07 23:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

========== Purity Check ==========

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Happy Birthday 

Okay, that doesn't actually show anything bad 

However, can you cast your mind back to here:

http://forums.techguy.org/8326660-post132.html

In there, I managed to get you to post some crash reports. Now, before, when you posted them, nothing worked when I tried to look at them, but now they do!!!!

So, can I ask you to get the crash reports for TB, last 4 or so crashes.

And, we can do it for Firefox.

So, for TB, not sure which option you did before, but if you can do the same, that would be great. However, if you want to do it this way, you do the same for Firefox as well 

Go to Start | Run and copy/paste the following and press Enter:

*%APPDATA%\Thunderbird\Crash Reports\submitted\*

Then, in there, sort by date so that you have the latest, then you should be able to open the text file, so that inside is the bp- number. Copy/paste a few of them here.

For Firefox go here:

*%APPDATA%\Mozilla\Firefox\Crash Reports\submitted*

And again, by date for the latest, copy/paste the numbers here.

eddie


----------



## ep2002 (Oct 31, 2006)

Oh thank you 

Ok, just so you know, Fx & TB seem to be crashing together lately. Very frustrating.

I'm also again having problems with being able to open sites in Fx. Before this was only happening when I had too many windows open, but the other day it happened & I only had 6 windows open 

Here's the TB reports, but I don't see anything in them really unless I just don't understand that that one line somehow gives you all you need: (most recent starts at the top)

Crash ID: bp-8d7f9b8a-eeba-4ae5-9af1-dcdfe2121128
Crash ID: bp-ca06eb77-c221-4502-9107-56ce72121115
Crash ID: bp-7a0591c3-a862-4b92-8716-cabb62121113
Crash ID: bp-544538f3-f82a-475c-a3c2-982382121110
Crash ID: bp-1ec714e8-4a2b-4d11-8692-ba67d2121108
Crash ID: bp-5daaf218-c02d-47af-8f75-72e0a2121029
Crash ID: bp-7e598c5a-5ea4-4bfc-9ae2-f32dc2121025

Fx:

Crash ID: bp-a311e9a0-ef3a-40da-8c82-eb83b2121128
Crash ID: bp-82d29e27-1f0f-4d26-bcee-496d02121116
Crash ID: bp-8ebfca8d-5a82-4307-a55b-6e4932121113
Crash ID: bp-2df7ea80-149e-42d7-89d1-0bf2e2121112
Crash ID: bp-bc65ead4-80bb-4ee1-a31f-a0cb62121105
Crash ID: bp-0bc941a8-5d82-4d0f-acd5-173042121101
Crash ID: bp-88a60943-27b0-45b2-af45-705aa2121030

Hope you find something 

Thank you


Michelle


----------



## ep2002 (Oct 31, 2006)

P.S. I can't remember if I told you that ever since I got to Panama I've had problems with my computer clock. Finally the only person who told me how to fix it was some so called techie here in Panama.

BUT, the time on TB is still a problem.

The e-mail comes in showing an hour behind the actual time. So if you send me an e-mail now, it will show 6:49 am even though it's actually 7:49 am.

No one has been able to fix this problem & I can't remember if I told you about it.

TB has never had this problem before & I've been using it since around 2004.


----------



## eddie5659 (Mar 19, 2001)

With regards to the reports, I can see some things, but will research a bit deeper on them 

Can't remember about the clock, but you do have some plugins that are related to email in TB, so I'll also see if any of them are known to cause problems. Again, I can get them from the above, but will take me a few days of research on them


----------



## ep2002 (Oct 31, 2006)

Well thank gawd you can see something. I've been starting to think that it's so bad & deep you can't find the problem(s). 

I doubt it's the TB plugins. I've had the same plugins (although different versions) for years. I've gotten rid of most of them & it only started when I moved here. Prior to that it was fine.

Some strange things are happening, one problem I mentioned before is back. Crash Plan suddenly stops working. It can't seem to get access to the computer, so the house that is normally blue is greyed out. The only way to fix it is to reboot.

Also Skype disappeared from my toolbar. Didn't even realize it until I needed to use it. Then even after I brought it up, it wouldn't X to my toolbar. Finally I went in & the checkmark that's normally there was suddenly unchecked & I know I didn't do that.

Also that other program Instant Content Currator can't be found unless I do a search for it & even when I search for it, it's not giving me a button that I can click on to bring up the program, it's giving me some loose files or something.

The icon is missing from the quick launch & from the programs area. That I know happened after we ran one of the cleaners a few weeks ago. I didn't notice it right away, but I remembered when I did notice it that we had run something.

I can't get it back.

If I DL it & then try to reinstall it, it will popup, but the quick launch is still missing & I can't find it in programs. I need to be able to access it to work. Can you fix it pls.?

Thanks


Michelle


----------



## ep2002 (Oct 31, 2006)

Just an update that somehow these files got DLed into my DLs folder & I certainly didn't put them there.


----------



## eddie5659 (Mar 19, 2001)

Do you use any file sharing programs, like torrent etc?


----------



## eddie5659 (Mar 19, 2001)

Okay, so the first report you posted for TB is of the latest version, 17.0. However, in there you have this plugin:

https://addons.mozilla.org/en-US/firefox/addon/test-pilot/

This may be causing problems, as it sends data to you all the time. Do you remember installing it?

If not, it may be installed automatically on an update 

So, I checked the Compatability report on this, and it shows as having problems on this version with the test-pilot addon!!

So, disabling that may help.

-----

The other versions are 16.0.2, so older TB's, but will still check them..

Now, the second one states that the module causing the fault is xul.dll

Same with third.

Fourth may be linked to email, same xul.dll file as above

Others are empty

-------

Checking other addons now:

[email protected] - OK 
[email protected] - ok
[email protected] - ok
[email protected] - ok
[email protected] - ok
[email protected] - ok
{d37dc5d0-431d-44e5-8c91-49419370caa1} - ok
{D719B74B-E716-403b-91A9-1CE455AB8ccc} - ok
{8845E3B3-E8FB-40E2-95E9-EC40294818C4} - problems, Quicktext

=================

Firefox:

[email protected] - problems, Roomy Bookmarks Toolbar
[email protected] - problems, LastPass Password Manager
[email protected] - problems, Firebug
[email protected] - problems with capture, Awesome Screenshot Plus

However, that doesn't mean that these are the problems. The number one reason for crashing, as I get them as well, is with Adobe instability.

------------

Now, not sure if you've tried, but how stable is Chrome? Have you tried it?

Try disabling the test-pilot one first of all.

------

Now, you said this above:



> I doubt it's the TB plugins. I've had the same plugins (although different versions) for years. I've gotten rid of most of them & it only started when I moved here. Prior to that it was fine.


So, before you moved, TB/Fx was okay, stable etc? Are you with a different ISP? Also, are you using a different router etc?

-----

With regards to CrashPlan, is it the backing up you're having problems with? Have you tried re-installing it?

For Instant Content Currator, can you remember which tool we ran that caused the problems?

eddie


----------



## ep2002 (Oct 31, 2006)

eddie5659 said:


> Do you use any file sharing programs, like torrent etc?


Sorry for the delay. Not on this computer, no.


----------



## ep2002 (Oct 31, 2006)

re: https://addons.mozilla.org/en-US/fir...on/test-pilot/

No, I don't have that as an add-on 

Re: {8845E3B3-E8FB-40E2-95E9-EC40294818C4} - problems, Quicktext

I love that add-on 

Re:

[email protected] - problems, Roomy Bookmarks Toolbar
[email protected] - problems, LastPass Password Manager
[email protected] - problems, Firebug
[email protected] - problems with capture, Awesome Screenshot Plus

The only one I could do without is Firebug. The others I have to have. I use them all the time.

Yes I already use Chrome, but only b/c some sites don't work well on Fx & also b/c I may have 2 accts. for some sites so this way I can open both at the same time.

As for replacing Fx with Chrome 100%, no way. Fx has way more that I like. Plus Chrome has been crashing more often recently. There's no way I can get past 8-10 windows otherwise it crashes, although I can't say for certain b/c I don't usually go beyond 7 windows.

As for moving here yes LOL, I'm in a different country & with a TERRIBLE ISP & no I can't move ISPs, as there's no options to move to. They won't change, they are morons. Nothing I can do about it. I gave up complaining as it's like talking to a 2 year old. They are clueless & there's a lot of spam that comes out of this country. My ISP is on one blacklist or another at any given time. They don't care, they are numbskulls. I have to get my hosting company to help me get it removed half the time.

As for the router, yes, I thought maybe some of the problems were router related, so I got a new Linksys. That was at least a year ago.

I'm not saying that Fx or TB never had problems before I moved here, but there were 90% less problems & not to this extent. But remember it's been 1.5 years since I've been here & we've gone thru a lot of version upgrades since then, so I thought those were the problems. You think it's b/c of this country? That wouldn't surprise me in the least. I hate it here. Yes I want to move, but no moolah to do so.

Crash Plan greys out for no reason & then turns back on when I reboot. I didn't want to have to reinstall it, so I haven't spent the time.

Instant Content Currator I uninstalled & reinstalled it & now it's in the program files. Don't remember which program we used caused it as I don't use it often enough to remember.

I'm back to having Fx not bringing up pages when I click on links.

Also TB (could be my fault, I have to spend some time deleting e-mails from inboxes as that's a no no with TB) is causing hanging problems. Every time an e-mail comes in, it's been freezing all other programs.

How are you doing?

Thanks

Michelle


----------



## eddie5659 (Mar 19, 2001)

For the files in your downlaod folder, it looks like they're from this:

CASH-Abc Demo Demo

http://www.softpicks.net/software/Business/Accounting-Tools/CASH-Abc-Demo-Demo-213552.htm

Do you remember trying out the program?



> re: https://addons.mozilla.org/en-US/fir...on/test-pilot/
> 
> No, I don't have that as an add-on


That's interesting, as it shows you have it in the first TB report. Did you check Thunderbird as well as Firefox?



> Re: {8845E3B3-E8FB-40E2-95E9-EC40294818C4} - problems, Quicktext
> 
> I love that add-on


I didn't actually mean that is was a bad add-on, just that its caused some problems for people in the past, and may be related 



> [email protected] - problems, Roomy Bookmarks Toolbar
> [email protected] - problems, LastPass Password Manager
> [email protected] - problems, Firebug
> [email protected] - problems with capture, Awesome Screenshot Plus
> ...


Okay, could you try disabling Firebug for now, and see if the problems persist?



> Crash Plan greys out for no reason & then turns back on when I reboot. I didn't want to have to reinstall it, so I haven't spent the time.


I'll have a look at this and see if I can see why this happens.

I have a real strong feeling its to do with Flash from Adobe, but I need to dig on that a bit. Can you go here and tell me which version you have, in all browsers that you use. It may be different in each one:

http://www.adobe.com/software/flash/about/

On the right, just under the animation, is the version information.

eddie


----------



## ep2002 (Oct 31, 2006)

Hi Eddie,

How are you doing?

Ok here we go...

1. Yes I remember that CASH software now. I don't need it. It's from years ago. Problem is, I don't see it under "C" or "S" in my downloads folder or in Control Panel.

2. Ahh, LOL, I found the test pilot in TB & disabled it.

3. Disabled Firebug in Fx.

4. Flash - I think there's been 2 updates in the last couple of weeks.

Fx - You have version 11,5,502,135 installed
Chrome - You have version 11,5,31,5 installed

Thanks


Michelle


----------



## eddie5659 (Mar 19, 2001)

Not so bad. Hope you had a great Christmas and here's to a Happy New Year :up:

Okay, lets see if there is anything left of that program. If you still have Systemlook, can you do the following. If not, get a fresh one from here:

Download SystemLook

So, use the following code and post the log it creates:


```
:filefind
*CASH-ABC*
*cashabc*
:folderfind
*CASH-ABC*
*cashabc*
:regfind
CASH-ABC
cashabc
```
--------

Any joy with the disabling of the addons, as in does it help stop the problem?

As for the Flash, looks like they're all the curret updates. I'm also praying this gets a move on, as it looks like this may be a fix for you, as its linked to Flash:

http://www.theregister.co.uk/2012/12/20/firefox_20_h264_windows/

However, that's not helping at the moment.

Now, I'd like to do a test on the Chrome browser, to see if it is the cause. If not, back to the drawing board again 

open Chrome and click in the address bar. Type

*about: plugins*

Scroll down to find the Flash plugin and pay attention to if there is more than one version installed. Do you notice multiple versions?


----------

