explorer.exe 0xc000022 error

Status
Not open for further replies.
OK well they have cleaned the error message and i am running in normal mode fine now!! what else do we need to do?? i would like to optimize and clean this system up as best as possible. I also have a question. when I go into the user folders there are a junk load of ntuser.dat files can these be deleted??? just looking around and trying to clean out as much stuff as possible!!

thanks
 
Hi chiro.j.elliott,

Good stuff.The ntuser.dat files a used by windows to store the registry settings for the profiles. You do not want to remove them.


Before we continue how is the computer running? Any issues?
 
Hi chiro.j.elliott,


LimeWire
You have LimeWire, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx

http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



You have an old vulnerable version of Java to uninstall
  • click the Start button
  • click Control Panel
  • click Programs
  • click Programs and Features.
Uninstall Java(TM) 6 Update 7

Do not uninstall Java(TM) 6 Update 30


Next

Go to Start > Control Panel , switch to Classic View if it isn't already.
  • Locate the Java icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now


Let's see where we're at.


Open OTL
  • Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • check the box beside scan all users
  • In the Extra Registry section change it to All
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lîk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Deskuop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.


Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
 
OTL.TXT

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Deskuop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop

Extras.TXT

OTL Extras logfile created on: 2/29/2012 12:31:45 PM - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Ryan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.39% Memory free
8.09 Gb Paging File | 6.00 Gb Available in Paging File | 74.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 199.78 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.25 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
Drive E: | 557.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-439345834-1935634858-439274127-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 34 4D 03 20 97 DF CC 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux
"C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1455A2A8-FD2B-49B8-8126-DA9FC6D3085F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D06326A-C6F7-4C71-A0B9-C54251853A54}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3C3E801A-194C-48D0-BD1B-B5C881FF8111}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D0B203F-3C1A-4591-9DC9-4551F3E62943}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{6EFD87E5-5A67-4319-98A7-CC3AC0BA1E73}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7C09CCC8-C88E-422C-B354-B9CEB5A4BA22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92F73CAA-3F94-4A8E-9D26-22F2DFC79718}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{A4E54CF0-E093-499C-99EC-FD332A1E4059}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{D37AE390-1100-4930-961B-8076BA15DD75}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E3EA9013-594D-4095-A4D6-15553B278576}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E862E82C-D0E8-4DE5-8330-F5E8C0B17821}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF20B4CD-8369-4BF1-8F9D-2C1AAC72F714}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28F191EA-672F-4DB2-8CED-8468B92070BD}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{43CC97A7-BF60-488C-9AEE-7F954E7EC6B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4DEF17ED-405A-48A3-9E52-023F16E76805}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{7BBCCEAB-D53A-4F5D-B247-9474229A9643}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{960F2768-392C-4280-8709-FB83B3E62BAA}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A7452BB1-71CC-44D1-B5BA-6A6DB602D4D7}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B593F267-F7F9-4DFF-A125-6128F9EB97AC}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{BA90AB0B-7042-40EA-94B9-FFE3788A266B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{F5B7BB6B-036C-4AE0-BFC1-5BA03F72BB06}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"TCP Query User{748A3140-AF11-4071-B0C5-A62F1B0E62E7}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"UDP Query User{E4D095BD-60B4-4D85-9BB3-680CE997D91C}C:\program files (x86)\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034062D1-50A4-4AAE-A82D-5264DBC1A32B}" = Macrium Reflect Free Edition
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2247B69B-C764-41D0-B0DA-812F3E00C268}" = DigitalPersona Personal 3.1.0
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F2393654-7D1F-48B3-9E4C-4007D120ABB8}" = AuthenTec Fingerprint Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PhotoCardMaker_is1" = PhotoCardMaker 1.0.3
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2011 10:11:43 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0xc38, application start time
0x01cc37f8cdd09f29.

Error - 7/1/2011 10:12:16 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0x118, application start time
0x01cc37f8e16e78e9.

Error - 7/1/2011 10:12:48 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0xb44, application start time
0x01cc37f8f4b681e9.

Error - 7/1/2011 10:13:21 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0x1104, application start time
0x01cc37f908594d49.

Error - 7/1/2011 10:14:00 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0x166c, application start time
0x01cc37f91fb9ad49.

Error - 7/1/2011 10:14:33 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0x1190, application start time
0x01cc37f93374d309.

Error - 7/1/2011 10:15:07 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0x1748, application start time
0x01cc37f9475d32e9.

Error - 7/1/2011 10:15:40 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0x13d0, application start time
0x01cc37f95b2aaff9.

Error - 7/1/2011 10:16:14 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0x148c, application start time
0x01cc37f96f56a0b9.

Error - 7/1/2011 10:16:48 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application CToolbar.exe, version 0.0.0.0, time stamp 0x4d787c0c,
faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733e1, exception
code 0xc0000005, fault offset 0x0006f1e7, process id 0xe48, application start time
0x01cc37f983a73849.

[ Broadcom Wireless LAN Events ]
Error - 1/31/2012 1:11:13 PM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 11:11:13, Tue, Jan 31, 12 Error - User "" does not have administrative
privileges on this system

Error - 1/31/2012 10:55:11 PM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 20:55:11, Tue, Jan 31, 12 Error - Unable to gain access to user store


Error - 2/2/2012 2:27:39 PM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 12:27:39, Thu, Feb 02, 12 Error - Unable to gain access to user store


Error - 2/21/2012 1:17:33 AM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 23:17:30, Mon, Feb 20, 12 Error - Unable to gain access to user store


Error - 2/22/2012 1:09:21 AM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 23:09:21, Tue, Feb 21, 12 Error - Unable to gain access to user store


Error - 2/23/2012 11:03:25 AM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 09:03:25, Thu, Feb 23, 12 Error - Unable to gain access to user store


Error - 2/27/2012 7:28:09 PM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 17:28:09, Mon, Feb 27, 12 Error - User "" does not have administrative
privileges on this system

Error - 2/27/2012 7:28:10 PM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 17:28:10, Mon, Feb 27, 12 Error - User "" does not have administrative
privileges on this system

Error - 2/29/2012 1:48:44 PM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 11:48:44, Wed, Feb 29, 12 Error - User "" does not have administrative
privileges on this system

Error - 2/29/2012 1:48:44 PM | Computer Name = Ryan-PC | Source = WLAN-Tray | ID = 0
Description = 11:48:44, Wed, Feb 29, 12 Error - User "" does not have administrative
privileges on this system

[ DigitalPersona Pro Events ]
Error - 5/28/2009 3:45:30 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 5/29/2009 1:01:08 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 8/3/2009 3:06:36 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827589
Description = DPHost cannot start. Error: 0x8009000f

Error - 2/6/2010 6:13:46 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 4/10/2010 10:25:14 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 1/29/2012 9:04:41 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 1/29/2012 9:04:44 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 1/29/2012 9:05:09 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 1/29/2012 9:05:13 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 1/30/2012 4:49:54 PM | Computer Name = Ryan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ System Events ]
Error - 2/26/2012 10:04:22 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/26/2012 10:04:40 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/27/2012 10:49:38 AM | Computer Name = Ryan-PC | Source = HTTP | ID = 15016
Description =

Error - 2/27/2012 10:49:46 AM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/27/2012 10:49:46 AM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/27/2012 7:30:22 PM | Computer Name = Ryan-PC | Source = HTTP | ID = 15016
Description =

Error - 2/27/2012 7:30:54 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/27/2012 7:30:54 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2/28/2012 10:15:28 AM | Computer Name = Ryan-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 2/28/2012 8:27:43 PM | Computer Name = Ryan-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >
 
opps sorry!!

OTL logfile created on: 2/29/2012 12:31:45 PM - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Ryan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 45.39% Memory free
8.09 Gb Paging File | 6.00 Gb Available in Paging File | 74.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 199.78 Gb Free Space | 69.36% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.25 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
Drive E: | 557.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Dell Video Chat\SDL.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (ATService) -- C:\Program Files\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\DRIVERS\motmodem.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys ()
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()
DRV:64bit: - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\Windows\SysNative\DRIVERS\swumx80.sys ()
DRV:64bit: - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\Windows\SysNative\DRIVERS\swnc8u80.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-439345834-1935634858-439274127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-439345834-1935634858-439274127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-439345834-1935634858-439274127-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009/01/14 03:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 17:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009/01/14 03:26:01 | 000,000,000 | ---D | M]

[2010/02/08 13:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2010/02/08 13:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/01 14:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\r5a2vp3k.default\extensions
[2012/02/27 13:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/27 13:12:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/26 17:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5A2VP3K.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/02/26 17:56:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/24 05:21:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/24 05:21:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/26 18:17:46 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-439345834-1935634858-439274127-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-439345834-1935634858-439274127-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-439345834-1935634858-439274127-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-439345834-1935634858-439274127-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-439345834-1935634858-439274127-1000..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-439345834-1935634858-439274127-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-439345834-1935634858-439274127-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-439345834-1935634858-439274127-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-439345834-1935634858-439274127-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-439345834-1935634858-439274127-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2961302D-0820-4732-9602-FF83D5402027}: DhcpNameServer = 209.183.50.151 209.183.50.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F989BEA-572A-4367-97B7-768ECC652223}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB2F24BD-7F6D-4397-9084-EBC202AA3EF3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/04 06:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 12:29:20 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/02/27 13:12:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/27 13:12:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/27 13:12:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/27 12:53:44 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video&sound
[2012/02/26 20:03:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/26 18:19:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/26 17:59:34 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/02/26 17:58:04 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/02/26 17:21:16 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/02/26 17:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/02/26 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Documents\Reflect
[2012/02/26 12:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/02/26 12:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2012/02/20 03:00:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/02/18 13:35:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\temp
[2012/02/18 13:29:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/18 13:15:57 | 004,406,994 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2012/02/14 17:54:58 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/14 17:54:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/14 17:54:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/14 17:54:57 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/14 17:54:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/14 17:54:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/14 17:54:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/14 17:54:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/14 17:54:56 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 17:54:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/14 17:54:55 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/14 17:54:55 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/14 17:54:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/14 17:54:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/14 17:53:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/02/14 17:52:57 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/02/14 17:50:44 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012/02/14 17:50:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/02/14 17:50:42 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012/02/14 17:50:42 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/02/14 17:50:42 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012/02/14 17:50:42 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012/02/14 17:50:42 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012/02/14 17:50:42 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/02/14 17:50:04 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2012/02/14 17:50:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2012/02/14 17:49:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
[2012/02/14 17:40:55 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/02/14 17:39:22 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/14 14:14:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/02/12 13:47:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2012/02/12 13:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/12 13:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/12 13:43:57 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/11 07:48:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/11 07:48:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/11 07:48:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/11 07:48:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 13:31:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/09 13:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/09 13:21:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2012/02/09 13:17:50 | 002,405,576 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher64.exe
[2012/02/09 13:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/02/09 13:08:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
[2012/02/09 13:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/02/09 13:06:50 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher.exe
[2012/02/09 13:05:04 | 014,190,784 | ---- | C] (DT Soft Ltd.) -- C:\Users\Ryan\Desktop\DTLite4452-0287.exe
[2012/02/09 13:03:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Roxio
[2012/02/09 12:58:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/02 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\PCPro
[2012/02/02 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\PC Cleaners
[2012/02/02 10:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/02/01 16:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/02/01 16:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Uniblue
[2012/02/01 16:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012/01/30 14:44:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/30 14:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/01/30 14:42:10 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/01/30 14:36:22 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ryan\AppData\Local\*.tmp files -> C:\Users\Ryan\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 12:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/29 12:31:32 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{848E2E18-4748-41BC-8CD1-0FE55DBF0E82}.job
[2012/02/29 12:29:25 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2012/02/29 12:28:38 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 12:28:38 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 11:47:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 18:29:08 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/28 18:29:08 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/28 18:29:08 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/28 18:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 17:30:30 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/02/27 17:30:14 | 000,280,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/27 13:12:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/02/27 13:12:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/02/27 13:12:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/02/27 13:12:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/02/27 13:00:12 | 000,001,086 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2012/02/26 20:01:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/26 18:20:28 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/02/26 18:17:46 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/26 18:16:51 | 000,703,388 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 17:17:49 | 000,002,104 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/02/26 17:16:17 | 004,104,666 | ---- | M] () -- C:\Users\Ryan\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/02/26 12:46:35 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Reflect.lnk
[2012/02/25 09:04:46 | 000,011,264 | ---- | M] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/25 08:57:53 | 000,001,699 | ---- | M] () -- C:\Users\Ryan\Desktop\Backup and Restore Center.lnk
[2012/02/25 08:56:50 | 000,000,732 | ---- | M] () -- C:\Users\Ryan\AppData\Local\d3d9caps64.dat
[2012/02/20 18:19:26 | 000,013,464 | ---- | M] () -- C:\Windows\SysNative\drivers\PSVolAcc.sys
[2012/02/20 18:19:18 | 000,043,672 | ---- | M] () -- C:\Windows\SysNative\drivers\psmounter.sys
[2012/02/18 13:29:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_890
[2012/02/18 13:15:54 | 004,406,994 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2012/02/15 03:57:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/14 14:14:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/02/12 13:46:58 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 13:46:04 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/09 15:22:27 | 000,009,019 | ---- | M] () -- C:\Users\Ryan\Desktop\attach.zip
[2012/02/09 13:31:29 | 000,000,945 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/09 13:31:19 | 000,000,765 | ---- | M] () -- C:\Users\Ryan\Desktop\NTREGOPT.lnk
[2012/02/09 13:31:19 | 000,000,746 | ---- | M] () -- C:\Users\Ryan\Desktop\ERUNT.lnk
[2012/02/09 13:26:01 | 000,692,831 | ---- | M] () -- C:\Users\Ryan\AppData\Local\census.cache
[2012/02/09 13:25:52 | 000,151,775 | ---- | M] () -- C:\Users\Ryan\AppData\Local\ars.cache
[2012/02/09 13:21:11 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2012/02/09 13:17:53 | 002,405,576 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher64.exe
[2012/02/09 13:14:12 | 000,001,356 | ---- | M] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat
[2012/02/09 13:13:49 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher.exe
[2012/02/09 13:11:00 | 000,000,036 | ---- | M] () -- C:\Users\Ryan\AppData\Local\housecall.guid.cache
[2012/02/09 13:08:52 | 000,283,200 | ---- | M] () -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/02/09 13:05:53 | 001,402,880 | ---- | M] () -- C:\Users\Ryan\Desktop\HiJackThis.msi
[2012/02/09 13:05:19 | 014,190,784 | ---- | M] (DT Soft Ltd.) -- C:\Users\Ryan\Desktop\DTLite4452-0287.exe
[2012/02/09 12:43:33 | 060,979,200 | ---- | M] () -- C:\Users\Ryan\Desktop\PCRegedit.iso
[2012/02/01 22:27:00 | 000,000,176 | ---- | M] () -- C:\MSsupport.htm
[2012/01/30 14:36:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ryan\AppData\Local\*.tmp files -> C:\Users\Ryan\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 17:30:28 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/02/27 17:29:37 | 000,280,704 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/27 13:12:59 | 000,000,390 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{848E2E18-4748-41BC-8CD1-0FE55DBF0E82}.job
[2012/02/26 18:16:32 | 000,703,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 18:14:10 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/02/26 17:17:49 | 000,002,104 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/02/26 17:14:13 | 004,104,666 | ---- | C] () -- C:\Users\Ryan\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/02/26 12:46:35 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Reflect.lnk
[2012/02/25 08:57:53 | 000,001,699 | ---- | C] () -- C:\Users\Ryan\Desktop\Backup and Restore Center.lnk
[2012/02/22 03:00:51 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2012/02/20 18:19:26 | 000,013,464 | ---- | C] () -- C:\Windows\SysNative\drivers\PSVolAcc.sys
[2012/02/20 18:19:18 | 000,043,672 | ---- | C] () -- C:\Windows\SysNative\drivers\psmounter.sys
[2012/02/20 13:43:55 | 000,001,815 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/02/20 13:43:55 | 000,000,945 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/20 13:43:55 | 000,000,881 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK
[2012/02/15 03:57:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/14 17:55:30 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2012/02/14 17:55:26 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\xmllite.dll
[2012/02/14 17:54:58 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2012/02/14 17:54:57 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2012/02/14 17:54:57 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2012/02/14 17:54:57 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2012/02/14 17:54:57 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2012/02/14 17:54:57 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/14 17:54:57 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/14 17:54:56 | 001,147,392 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2012/02/14 17:54:56 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2012/02/14 17:54:56 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2012/02/14 17:54:56 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2012/02/14 17:54:55 | 002,350,592 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2012/02/14 17:54:55 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/14 17:54:55 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2012/02/14 17:54:55 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2012/02/14 17:54:54 | 012,477,952 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2012/02/14 17:54:53 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2012/02/14 17:54:53 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2012/02/14 17:54:53 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2012/02/14 17:54:53 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2012/02/14 17:54:52 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2012/02/14 17:54:51 | 009,292,288 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2012/02/14 17:54:51 | 000,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2012/02/14 17:54:50 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/14 17:54:50 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2012/02/14 17:53:49 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2012/02/14 17:53:49 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2012/02/14 17:52:57 | 001,555,968 | ---- | C] () -- C:\Windows\SysNative\DWrite.dll
[2012/02/14 17:52:57 | 001,149,440 | ---- | C] () -- C:\Windows\SysNative\FntCache.dll
[2012/02/14 17:52:57 | 000,479,744 | ---- | C] () -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/02/14 17:50:45 | 000,231,936 | ---- | C] () -- C:\Windows\SysNative\XpsRasterService.dll
[2012/02/14 17:50:44 | 003,068,416 | ---- | C] () -- C:\Windows\SysNative\xpsservices.dll
[2012/02/14 17:50:44 | 002,002,944 | ---- | C] () -- C:\Windows\SysNative\d3d10warp.dll
[2012/02/14 17:50:44 | 001,653,760 | ---- | C] () -- C:\Windows\SysNative\XpsPrint.dll
[2012/02/14 17:50:44 | 001,257,984 | ---- | C] () -- C:\Windows\SysNative\MFH264Dec.dll
[2012/02/14 17:50:44 | 000,900,480 | ---- | C] () -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2012/02/14 17:50:44 | 000,834,048 | ---- | C] () -- C:\Windows\SysNative\d2d1.dll
[2012/02/14 17:50:44 | 000,287,232 | ---- | C] () -- C:\Windows\SysNative\d3d10core.dll
[2012/02/14 17:50:44 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\cdd.dll
[2012/02/14 17:50:43 | 001,461,760 | ---- | C] () -- C:\Windows\SysNative\OpcServices.dll
[2012/02/14 17:50:43 | 001,268,224 | ---- | C] () -- C:\Windows\SysNative\d3d10.dll
[2012/02/14 17:50:43 | 000,625,152 | ---- | C] () -- C:\Windows\SysNative\dxgi.dll
[2012/02/14 17:50:43 | 000,566,272 | ---- | C] () -- C:\Windows\SysNative\d3d10level9.dll
[2012/02/14 17:50:43 | 000,327,680 | ---- | C] () -- C:\Windows\SysNative\d3d10_1core.dll
[2012/02/14 17:50:43 | 000,196,096 | ---- | C] () -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/14 17:50:42 | 000,428,544 | ---- | C] () -- C:\Windows\SysNative\MFHEAACdec.dll
[2012/02/14 17:50:42 | 000,377,344 | ---- | C] () -- C:\Windows\SysNative\mfmp4src.dll
[2012/02/14 17:50:42 | 000,345,088 | ---- | C] () -- C:\Windows\SysNative\mfreadwrite.dll
[2012/02/14 17:50:04 | 000,735,744 | ---- | C] () -- C:\Windows\SysNative\UIAutomationCore.dll
[2012/02/14 17:50:04 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\oleacc.dll
[2012/02/14 17:50:04 | 000,004,096 | ---- | C] () -- C:\Windows\SysNative\oleaccrc.dll
[2012/02/14 17:49:18 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\mciwave.dll
[2012/02/14 17:49:17 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\mcicda.dll
[2012/02/14 17:49:17 | 000,028,160 | ---- | C] () -- C:\Windows\SysNative\mciseq.dll
[2012/02/14 17:40:55 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\packager.dll
[2012/02/14 17:39:23 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2012/02/12 13:46:58 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 13:46:57 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/11 07:48:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/11 07:48:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/11 07:48:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/11 07:48:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/11 07:48:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 15:22:27 | 000,009,019 | ---- | C] () -- C:\Users\Ryan\Desktop\attach.zip
[2012/02/09 13:31:19 | 000,000,765 | ---- | C] () -- C:\Users\Ryan\Desktop\NTREGOPT.lnk
[2012/02/09 13:31:19 | 000,000,746 | ---- | C] () -- C:\Users\Ryan\Desktop\ERUNT.lnk
[2012/02/09 13:26:01 | 000,692,831 | ---- | C] () -- C:\Users\Ryan\AppData\Local\census.cache
[2012/02/09 13:25:52 | 000,151,775 | ---- | C] () -- C:\Users\Ryan\AppData\Local\ars.cache
[2012/02/09 13:11:00 | 000,000,036 | ---- | C] () -- C:\Users\Ryan\AppData\Local\housecall.guid.cache
[2012/02/09 13:08:52 | 000,283,200 | ---- | C] () -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/02/09 13:05:53 | 001,402,880 | ---- | C] () -- C:\Users\Ryan\Desktop\HiJackThis.msi
[2012/02/09 12:42:06 | 060,979,200 | ---- | C] () -- C:\Users\Ryan\Desktop\PCRegedit.iso
[2012/02/01 22:27:00 | 000,000,176 | ---- | C] () -- C:\MSsupport.htm
[2012/02/01 13:57:56 | 000,000,732 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps64.dat
[2012/01/29 22:28:23 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2009/06/05 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Bytemobile
[2009/03/28 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\DigitalPersona
[2009/10/03 15:52:10 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Doblon
[2012/01/30 15:41:01 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\LimeWire
[2012/01/29 19:39:50 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\PCPowerSpeed
[2009/06/14 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\PeerNetworking
[2009/06/05 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Sierra Wireless
[2009/06/29 10:18:27 | 000,000,000 | ---D | M] -- C:\Users\Becca\AppData\Roaming\Template
[2009/02/26 15:13:33 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Alawar
[2009/06/04 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Bytemobile
[2012/02/27 12:41:34 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
[2009/02/23 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DigitalPersona
[2012/02/02 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PC Cleaners
[2012/02/02 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\PCPro
[2009/06/04 17:38:46 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Sierra Wireless
[2009/02/24 14:17:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Template
[2012/02/01 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Uniblue
[2012/02/27 17:28:16 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/14 02:34:15 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{12ECB99D-00AB-48A8-BD64-67809E5DA21C}.job
[2012/02/29 12:31:32 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{848E2E18-4748-41BC-8CD1-0FE55DBF0E82}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/27 17:30:30 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/02/18 13:35:11 | 000,020,338 | ---- | M] () -- C:\ComboFix.txt
[2009/01/14 04:45:43 | 000,005,066 | R--- | M] () -- C:\dell.sdr
[2012/02/14 14:40:35 | 000,047,806 | ---- | M] () -- C:\Extras.Txt
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/02/01 22:27:00 | 000,000,176 | ---- | M] () -- C:\MSsupport.htm
[2012/02/14 14:14:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/02/15 10:28:13 | 000,008,978 | ---- | M] () -- C:\OTL.Txt
[2012/02/27 17:29:35 | 270,508,031 | -HS- | M] () -- C:\pagefile.sys
[2008/05/07 23:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2009/01/14 03:29:43 | 000,000,174 | ---- | M] () -- C:\Setup.log
[2012/02/01 22:27:00 | 000,000,050 | ---- | M] () -- C:\SrtLog.txt
[2004/06/11 17:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2006/11/02 09:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 09:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 09:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/02/20 22:50:04 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s >
 
< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: EXPLORER.EXE 0XC000022 ERROR - PAGE 3 - SAFER-NETWORKING FORUMS.URL >
[2012/02/27 12:59:35 | 000,000,280 | ---- | M] () MD5=1995C8228CEB5A7545D50535FD2F02B6 -- C:\Users\Ryan\Favorites\explorer.exe 0xc000022 error - Page 3 - Safer-Networking Forums.url
[2012/02/27 12:59:35 | 000,000,280 | ---- | M] () MD5=1995C8228CEB5A7545D50535FD2F02B6 -- C:\Users\Ryan\Favorites\Links\explorer.exe 0xc000022 error - Page 3 - Safer-Networking Forums.url

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 09:13:38 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2006/11/02 09:13:38 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6a2f0af76374ed51\explorer.exe.mui
[2006/11/02 09:13:32 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=872D519975CA4D7CC596FC93470D49E0 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 09:13:32 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=872D519975CA4D7CC596FC93470D49E0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5fda60a52f142b56\explorer.exe.mui

< MD5 for: EXPLORER.EXE-D5E97654.PF >
[2012/02/29 11:47:23 | 000,279,514 | ---- | M] () MD5=16F3247BE9C046559BC0B3DB204F4706 -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf

< MD5 for: IEXPLORE.EXE >
[2009/10/27 07:11:33 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=03EF289E8F82CBC4E492658864C7C51A -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_9628daa62002d415\iexplore.exe
[2009/07/18 06:51:34 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=065536D14F91DC321FBFAED112B2A747 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_89d658d9ee8bf1ff\iexplore.exe
[2009/01/14 04:33:26 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=07ED775D6DB4BFA96D7CFB09EB228418 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_9399882309d61be8\iexplore.exe
[2009/01/14 22:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_93f80d9f098e0166\iexplore.exe
[2009/08/27 08:29:23 | 000,711,448 | ---- | M] (Microsoft Corporation) MD5=0EBCCD92E47FDD01B1FC7EBC7FFC26E0 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_8a1f0955ee55df8a\iexplore.exe
[2009/01/14 04:28:19 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=157F8DE991396C536820D7FA5C8DCF7D -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_93e5397d099d5578\iexplore.exe
[2009/01/14 04:35:15 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_9433f69622e637cb\iexplore.exe
[2009/01/14 04:19:39 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=19403B64906C9EAC627E3C10847B0FDA -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_93bffb8909b85d46\iexplore.exe
[2009/01/14 04:33:26 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=1ACD856D345FA54F89335C793B2B0874 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_8a115c9dee6081e6\iexplore.exe
[2009/11/21 09:04:19 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=1B5572B8B9CD678E814F57B245400F64 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_6ec34e240169f05e\iexplore.exe
[2009/11/21 00:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_78828b751cb61529\iexplore.exe
[2009/08/27 07:50:25 | 000,711,448 | ---- | M] (Microsoft Corporation) MD5=1B9D3D4A9C9133CA250DB65370DF3060 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_8b7ed3ecd25be974\iexplore.exe
[2009/07/18 06:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_938dbbb909df18d0\iexplore.exe
[2009/07/18 15:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_9577fb8707020f1d\iexplore.exe
[2009/03/02 22:18:52 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=1DD66A2851DACDEC32EAE8F9A8865ABD -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_9465e0f822c1744a\iexplore.exe
[2009/04/24 10:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_93b9fbb309bdc263\iexplore.exe
[2009/10/27 07:51:59 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=233BF9AD6999D768293B39755F7DCA1D -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_8b5e6428d2743d47\iexplore.exe
[2010/02/23 09:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_78ebb87c35ec08c6\iexplore.exe
[2009/04/11 00:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_97c0beeb03de7f46\iexplore.exe
[2011/02/22 00:50:19 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=2E70FE17239DFCA6209FD698D0F18C61 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_6e465be0e84297ba\iexplore.exe
[2009/01/14 04:35:15 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=2EEE7F65B04F759FE7D238AD6EAB90B7 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_89df4c43ee8575d0\iexplore.exe
[2009/01/14 04:35:16 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=31705413C889C5503F564C642D83C282 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_89721e14d5531cd7\iexplore.exe
[2009/04/24 10:07:30 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=3319AE709DEAA8539AB3B4110C3C675D -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_8c07706deb7a6fe7\iexplore.exe
[2009/07/18 16:19:00 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=3336F6E73AD028FC310947DFA84CD554 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_89391166d57e56d5\iexplore.exe
[2010/11/02 00:29:04 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=37302FCB9B7D54B0DBB43624E7A21B3C -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_6e11746ce86a0984\iexplore.exe
[2010/01/02 08:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_78ff57c035dd9e36\iexplore.exe
[2010/05/04 00:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_7946112635a7c1dc\iexplore.exe
[2010/09/08 00:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_790e00f635d21ae3\iexplore.exe
[2009/01/14 04:28:19 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4DBD95312B1C96C5285D38F1D748CD4D -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_943fc8b222dd3258\iexplore.exe
[2009/03/02 22:58:49 | 000,712,888 | ---- | M] (Microsoft Corporation) MD5=4F49A46AB978ED80D536E25FC87AF3F5 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_8b71013cd266bc39\iexplore.exe
[2009/10/27 09:11:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=4F9B04D546C23A295F3F0AE015BE51DB -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_93c8cead09b208f5\iexplore.exe
[2009/07/18 06:39:30 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=51B17FD4415B38F783F7C8EDABD3157D -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_8b235134d2a14d22\iexplore.exe
[2011/12/15 01:36:29 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=54EF418BD99720658CCE24210799BD1A -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23286_none_78f764a035e333bc\iexplore.exe
[2009/03/02 22:41:00 | 000,712,888 | ---- | M] (Microsoft Corporation) MD5=57731E60EA98B8C279DCB5BBB82B68B7 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_8979f0eed54daf2f\iexplore.exe
[2009/04/11 01:11:08 | 000,712,864 | ---- | M] (Microsoft Corporation) MD5=58136AB5A3DF2D44BBB483629188584A -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_8d6c1498cf7dbd4b\iexplore.exe
[2010/11/02 00:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_78661ebf1ccacb7f\iexplore.exe
[2008/01/20 20:48:06 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_95d545df06bcb3fa\iexplore.exe
[2010/05/04 00:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_78b0cde91c92ee91\iexplore.exe
[2009/10/27 07:38:38 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=5EAC3DEC57F735F2F63672EC5D34ED5E -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_8bd43053eba2121a\iexplore.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/01/14 04:19:39 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=6655B851D9EEF7C83395EE52D551B448 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_946a09fe22bda664\iexplore.exe
[2009/01/14 04:33:26 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=699D1D2EAF5C80E7361809B0ED8AE773 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_8944ddd0d57559ed\iexplore.exe
[2009/04/24 10:27:28 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=6B9F780596A6FA37909A1E17B13DB8F3 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_89fe97abee6e3636\iexplore.exe
[2009/08/27 08:19:49 | 000,711,448 | ---- | M] (Microsoft Corporation) MD5=6CBD8F2C431A57689549BF06D5B75B6F -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_89959468d5380c7e\iexplore.exe
[2010/05/04 00:57:44 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=6E4A7132FE953AFFAE00B15835404564 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_6e5c2396e8322c96\iexplore.exe
[2009/01/14 22:59:48 | 000,709,800 | ---- | M] (Microsoft Corporation) MD5=724BC813643C688280F353EC23128A66 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_89c8afedee968ea9\iexplore.exe
[2010/06/26 00:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_78962c9f1ca7a7c0\iexplore.exe
[2010/12/18 01:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_793e10bc35aef44b\iexplore.exe
[2009/10/27 07:24:29 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=79B60CC26404F8FC2B351A7551D93C17 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_95b30e7b06d4ff42\iexplore.exe
[2009/03/08 15:09:11 | 000,661,344 | ---- | M] (Microsoft Corporation) MD5=7A81E0CECAE7B98459A073981F0124D5 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_6e6bbde6e827625c\iexplore.exe
[2011/05/28 01:09:20 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7EE10C5413AD7ED1AF9E8FAE1B58FC3E -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23181_none_78f2614835e7b7e2\iexplore.exe
[2009/07/18 06:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_942b032c22ecb3fa\iexplore.exe
[2009/10/27 07:22:34 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=80675329E0FD54F016C4F8A83C616349 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_9455447822cd2806\iexplore.exe
[2010/02/23 01:03:07 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=81AF4A1549710310E56B43C4D3F3657C -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_6e6dc246e8258f58\iexplore.exe
[2010/09/08 00:49:26 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=827BE3F3C80787B00F19E36B19531197 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_6e23131ce85d6c46\iexplore.exe
[2009/04/24 10:32:29 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=8679C8CD9690758AF0984290A1843E72 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_89655160d55d0068\iexplore.exe
[2009/01/14 04:28:19 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=88BC0B30EE1C0344119778A6E8F2509F -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_89908f2ad53c937d\iexplore.exe
[2010/01/02 00:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_7869eabf1cc90106\iexplore.exe
[2009/11/21 00:53:25 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=8ADB04E86E8A38307D0663CD002BFFD1 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_6e2de122e855532e\iexplore.exe
[2009/03/02 22:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_961169b0201311a9\iexplore.exe
[2009/01/14 04:19:39 | 000,709,408 | ---- | M] (Microsoft Corporation) MD5=8BC05A19FA4C19025D564A2201709F70 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_8a155fabee5ce469\iexplore.exe
[2010/12/18 00:56:48 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=8F69AE4F1AC2E1D2C34348D519007A2C -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_6e67cbeee8295d3e\iexplore.exe
[2010/11/02 01:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_78e78f7635efd6ac\iexplore.exe
[2009/01/14 04:35:15 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_93c6c86709b3ded2\iexplore.exe
[2011/05/28 01:46:21 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=947A0CEFBB04E0DD2741AD1060B2B287 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23181_none_6e9db6f60186f5e7\iexplore.exe
[2009/08/27 07:34:35 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=97867B45571A242E31900D991668F247 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_8c12423feb72511d\iexplore.exe
[2011/02/22 01:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_791fa18c35c57acc\iexplore.exe
[2010/05/04 00:59:11 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=9D0512508DBDD31DA29BC05941417101 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_6ef166d40146ffe1\iexplore.exe
[2009/08/27 08:04:53 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=9E45866CD349219784CD5A7620DBEB8A -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_93ea3ebb0998ce79\iexplore.exe
[2009/03/02 22:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_95c5ab8f06c77e34\iexplore.exe
[2009/01/14 04:33:26 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_946606f022c143e1\iexplore.exe
[2010/02/23 00:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_78c26c991c865153\iexplore.exe
[2009/08/27 07:43:41 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=A76AFC309AA55CD607A28AC41C7D7603 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_9473b3a822b6a185\iexplore.exe
[2009/03/02 22:36:03 | 000,712,888 | ---- | M] (Microsoft Corporation) MD5=AA8005889396DF530BCDF0E2AA0E7A04 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_8a1136a5ee60b24f\iexplore.exe
[2011/12/15 00:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=AB18B8902C06954F8DFBAC5C6DC7E1E8 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2011/12/15 00:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=AB18B8902C06954F8DFBAC5C6DC7E1E8 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2011/12/15 00:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=AB18B8902C06954F8DFBAC5C6DC7E1E8 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19190_none_785cf62d1cd317d9\iexplore.exe
[2009/10/27 09:11:14 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=AB8E0D9CA22D724985DB1744DE2481A9 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_8974245ad55146fa\iexplore.exe
[2008/01/20 20:50:37 | 000,701,952 | ---- | M] (Microsoft Corporation) MD5=AC2C3BAFD177B60C3B5E4DDBCC2C2DB3 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_8b809b8cd25bf1ff\iexplore.exe
[2009/10/27 08:14:14 | 000,711,432 | ---- | M] (Microsoft Corporation) MD5=AF7A1B47A329B0754E4DA2CD532207EF -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_8a009a25ee6c660b\iexplore.exe
[2009/03/08 15:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_78c068391c882457\iexplore.exe
[2010/01/02 09:15:56 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=B7ECFA3A546360E2A39ADBE1D773F3DC -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_6eaaad6e017cdc3b\iexplore.exe
[2010/12/18 00:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_78bc76411c8a1f39\iexplore.exe
[2009/08/27 07:38:13 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=BBF84F317553520BB78AEF7B047325C1 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_95d37e3f06bcab6f\iexplore.exe
[2011/02/22 00:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_789b06331ca359b5\iexplore.exe
[2009/07/18 06:25:05 | 000,711,448 | ---- | M] (Microsoft Corporation) MD5=C6558E30E94FE3DF893CE85F6948B5DA -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_8bc39007ebadcb88\iexplore.exe
[2011/12/15 00:47:49 | 000,660,768 | ---- | M] (Microsoft Corporation) MD5=C7884BC0B78D6EE27D9CD469B9C410DF -- C:\Program Files\Internet Explorer\iexplore.exe
[2011/12/15 00:47:49 | 000,660,768 | ---- | M] (Microsoft Corporation) MD5=C7884BC0B78D6EE27D9CD469B9C410DF -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19190_none_6e084bdae87255de\iexplore.exe
[2010/01/02 01:09:58 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=C9256212D298D96FE0F63D69ECD9CE97 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_6e15406ce8683f0b\iexplore.exe
[2011/05/28 00:24:59 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=CF331868494D0527484520912736518E -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_6e1b1c30e863077e\iexplore.exe
[2010/02/23 10:03:02 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=D1978C9901DAA9A1C2EE78A707B1449A -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_6e970e2a018b46cb\iexplore.exe
[2009/04/24 10:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_945341fe22cef831\iexplore.exe
[2010/09/08 00:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_7877bd6f1cbe2e41\iexplore.exe
[2009/01/14 04:28:19 | 000,701,440 | ---- | M] (Microsoft Corporation) MD5=D5A7B74CA0826CF5BCE4AE0152231A9B -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_89eb1e5fee7c705d\iexplore.exe
[2009/04/24 10:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_965c1ac01fdb31e2\iexplore.exe
[2009/01/14 22:50:38 | 000,709,800 | ---- | M] (Microsoft Corporation) MD5=D6F4816C6B7BE9A125E138B903C2B0EF -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_89a3634cd52d3f6b\iexplore.exe
[2009/03/02 23:02:08 | 000,712,872 | ---- | M] (Microsoft Corporation) MD5=D7379B3EF7C87578F8966FF5C7B46E9D -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_8bbcbf5debb24fae\iexplore.exe
[2010/09/08 01:28:01 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=D93AB1673986658EF1931FA751BCCF69 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_6eb956a4017158e8\iexplore.exe
[2011/02/22 01:54:38 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=E79C480F9DCD7512AAB9727A533CB152 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_6ecaf73a0164b8d1\iexplore.exe
[2009/11/21 09:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_7917f87635cab259\iexplore.exe
[2010/06/26 00:31:23 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=E9D8A71AFDCA528A184C1498E22A8241 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_6e41824ce846e5c5\iexplore.exe
[2009/03/02 22:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_93ce9b4109ae712a\iexplore.exe
[2009/07/18 05:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_96183a5a200e8d83\iexplore.exe
[2011/12/15 02:02:25 | 000,660,768 | ---- | M] (Microsoft Corporation) MD5=EBFB7B1209DFC75E1971981E46CF2AA8 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23286_none_6ea2ba4e018271c1\iexplore.exe
[2011/05/28 00:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=ED65737D70FDEAC29F738E77D2496EE5 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_786fc6831cc3c979\iexplore.exe
[2010/06/26 00:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_791c9ec835c831a0\iexplore.exe
[2009/01/14 22:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_941d5a4022f750a4\iexplore.exe
[2009/04/24 10:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_95b20c4b06d5e8c4\iexplore.exe
[2010/11/02 01:42:15 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=F686191623AC22EE2521C2D17157B199 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_6e92e524018f14b1\iexplore.exe
[2010/06/28 12:17:01 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=F896A6A9965B9C64061BE97F6D84B075 -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_6ec7f47601676fa5\iexplore.exe
[2010/12/18 01:54:56 | 000,660,760 | ---- | M] (Microsoft Corporation) MD5=FC6DC0E786A4D2E7DA6E9C012ED2E64F -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_6ee9666a014e3250\iexplore.exe
[2009/04/24 10:23:20 | 000,711,448 | ---- | M] (Microsoft Corporation) MD5=FD4E1EF226A34D093AAD475B94C5E36E -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_8b5d61f8d27526c9\iexplore.exe
[2009/08/27 07:19:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=FE2DFF83B7753AC47C553EF7D5289BEE -- C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22508_none_9666ec921fd31318\iexplore.exe
[2009/01/14 04:19:39 | 000,709,408 | ---- | M] (Microsoft Corporation) MD5=FF441810C3CA6DC897CB322F60A6902F -- C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_896b5136d5579b4b\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 16:15:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=11E9431B29BD64A1FB13369BB8AD4116 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 16:15:57 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=11E9431B29BD64A1FB13369BB8AD4116 -- C:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_7c9630f422ee47f7\iexplore.exe.mui
[2006/11/02 09:13:34 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a1c8f6f0449888c1\iexplore.exe.mui
[2009/03/08 15:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 15:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\wow64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_86eadb46574f09f2\iexplore.exe.mui
[2006/11/02 09:13:29 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=D421BD7B9646679254B0D855823C6F21 -- C:\Windows\winsxs\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_97744c9e1037c6c6\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-A033F7A0.PF >
[2012/02/27 12:59:34 | 000,089,636 | ---- | M] () MD5=57E80112184E24E730099E77DA175A0B -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2008/01/20 20:52:39 | 000,019,968 | ---- | M] () MD5=1DB95B0920FA9783476AC46F187C06F6 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2008/01/20 20:52:39 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=1DB95B0920FA9783476AC46F187C06F6 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_27172d0ebc73e370\winlogon.exe.mui
[2008/01/20 20:52:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\SysWOW64\en-US\winlogon.exe.mui
[2008/01/20 20:52:28 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 09:13:52 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=2D30AB05DBA78517B34C0AAC71DF5299 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_24e06b12bf88d29c\winlogon.exe.mui
[2006/11/02 09:13:03 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

< MD5 for: WINLOGON.EXE-DEDDC9B6.PF >
[2012/02/29 11:49:02 | 000,013,648 | ---- | M] () MD5=AD4951818584CECC8E358683B8351FB9 -- C:\Windows\Prefetch\WINLOGON.EXE-DEDDC9B6.pf

< MD5 for: WINLOGON.MOF >
[2006/09/18 15:38:40 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\SysNative\wbem\winlogon.mof
[2006/09/18 15:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\SysWOW64\wbem\winlogon.mof
[2006/09/18 15:38:40 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_da20a358315a3dca\winlogon.mof
[2006/09/18 15:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< End of report >
 
Hi chiro.j.elliott,

This will be a short log, remember to click the none button.

Next

Please open OTL.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may looked greyed out)
  • In the window under Custom Scans/Fixes copy and paste the following



    /md5start
    userinit.*
    /md5stop


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.



As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.


*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

Please post back with
  • OTL.txt
  • ESET log if there is one
 
OTL logfile created on: 3/1/2012 1:10:21 PM - Run 4
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Ryan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.48% Memory free
8.09 Gb Paging File | 5.98 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 201.10 Gb Free Space | 69.82% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.25 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
Drive E: | 557.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< >


< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: USERINIT.EXE.MUI >
[2006/11/02 09:13:42 | 000,003,584 | ---- | M] () MD5=7A820F1B24D266DE11444D6C8FA8AC8A -- C:\Windows\SysNative\en-US\userinit.exe.mui
[2006/11/02 09:13:42 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=7A820F1B24D266DE11444D6C8FA8AC8A -- C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e9d87fb38dc4f328\userinit.exe.mui
[2006/11/02 09:13:55 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=F058F2BAE89E70B2A79D5EB820092EEB -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
[2006/11/02 09:13:55 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=F058F2BAE89E70B2A79D5EB820092EEB -- C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui

< MD5 for: USERINIT.EXE-5114915C.PF >
[2012/02/29 11:47:21 | 000,012,380 | ---- | M] () MD5=4A24B4EBE04B610A2FA33CCE48917BE3 -- C:\Windows\Prefetch\USERINIT.EXE-5114915C.pf

< End of report >

online scan results:

C:\Qoobox\Quarantine\C\ProgramData\de6342b\6738.mof.vir Win32/RogueAV.A trojan
C:\Qoobox\Quarantine\C\ProgramData\de6342b\CUde63.exe.vir Win32/RogueAV.I trojan
C:\Users\Ryan\AppData\LocalLow\FilmFanaticEI\Installr\Cache\44550795.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Ryan\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\445D93BD.exe a variant of Win32/Toolbar.MyWebSearch.O application
 
Hi chiro.j.elliott,

That looks ok. 2 files have all ready been quarantined the other 2 are warnings of some toolbars included with an installer.

A little tidying up then we can clean up the tools.

Next

The 64 bit version of java is out of date.

Go to Start > Control Panel , switch to Classic View if it isn't already.
  • Locate the Java (64) icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now

Next Right click on OTL.exe and chose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: 
:Services

:OTL
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Commands
[emptytemp]
[creatrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
 
The date and such is wrong?? but this is what opened after the computer restarted!!

OTL logfile created on: 3/1/2012 1:10:21 PM - Run 4
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Ryan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.48% Memory free
8.09 Gb Paging File | 5.98 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 201.10 Gb Free Space | 69.82% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.25 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
Drive E: | 557.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< >


< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: USERINIT.EXE.MUI >
[2006/11/02 09:13:42 | 000,003,584 | ---- | M] () MD5=7A820F1B24D266DE11444D6C8FA8AC8A -- C:\Windows\SysNative\en-US\userinit.exe.mui
[2006/11/02 09:13:42 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=7A820F1B24D266DE11444D6C8FA8AC8A -- C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_e9d87fb38dc4f328\userinit.exe.mui
[2006/11/02 09:13:55 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=F058F2BAE89E70B2A79D5EB820092EEB -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
[2006/11/02 09:13:55 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=F058F2BAE89E70B2A79D5EB820092EEB -- C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui

< MD5 for: USERINIT.EXE-5114915C.PF >
[2012/02/29 11:47:21 | 000,012,380 | ---- | M] () MD5=4A24B4EBE04B610A2FA33CCE48917BE3 -- C:\Windows\Prefetch\USERINIT.EXE-5114915C.pf

< End of report >
 
Hi chiro.j.elliott,

That's the scan log from yesterday. did you run the fix from my last post? If you did the OTL fix log can be found at C:\_OTL\MovedFiles It will have a file name consisting of numbers that reflect the date and time stamp the fix was ran. It will be something similar to 03022012_091009.log . Please copy and paste the contents into your next reply.
 
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Becca
->Temp folder emptied: 99643 bytes
->Temporary Internet Files folder emptied: 47439557 bytes
->Java cache emptied: 77479709 bytes
->FireFox cache emptied: 56676328 bytes
->Flash cache emptied: 818 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ryan
->Temp folder emptied: 1329008 bytes
->Temporary Internet Files folder emptied: 3014524 bytes
->Java cache emptied: 93576279 bytes
->FireFox cache emptied: 140372807 bytes
->Flash cache emptied: 1481 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 713852420 bytes
%systemroot%\System32 .tmp files removed: 32768 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 376135 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,082.00 mb

Error: Unable to interpret <[creatrestorepoint]> in the current context!

OTL by OldTimer - Version 3.2.33.2 log created on 03022012_105349

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUE35ATD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MMX15HPD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJENX5YD\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1WCZT13\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Hi chiro.j.elliott,

Everything looks ok. Let's give it one more run with combofix now that you can run in normal windows.

Delete the copy of combofix you have from your desktop and download a new from Link 1or Link 2 and sve it to your desktop. Do not run it.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code: 
File::
C:\Users\Ryan\AppData\LocalLow\FilmFanaticEI\Installr\Cache\44550795.exe
C:\Users\Ryan\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\445D93BD.exe

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif


Please post the log.
 
Hi chiro.j.elliott,

I don't see an antivirus program installed. I can give you some links to some very good free ones if you wish.

Everything looks good so we'll remove the tools.

From your desktop, please delete, if present
  • any notepads/logs that we created
  • DDS.scr


Next

Click the Start button,in the search box type Run. At the top click run

Copy and paste the following line into the run box and click OK

Combofix /uninstall


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly.


Updates

You should reinstall Vista Service Pack 2


Anitvirus

If you don't have an antivirus program installed download one of these free ones.


Avast
Help and support can be found here Avast Forum
AVG
Help and support can be found here AVG Forum
Antivir PersonalEditionClassic
Help and support can be found here Avira Personal Support Forum
Microsoft Security Essentials
Support


Java

The 64bit version of java is out of date. You can get the 64bit version HERE

Click on Windows Offline (64-bit)

Once you have downloaded jre-6u31windows-x64-.exe and saved it to the desktop:

Click Start > Control Panel . Under Programs click uninstall a program and uninstall

Java? 6 Update 13 (64-bit)


Double click the file you downloaded to install the java. Pass on any 3rd party add ons you may be offered.


Adobe Reader

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources. If you choose FoxIt be sure to decline the Foxit Toolbar offered during the install.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 9.1 first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Make sure you have reset Automatic Updates to your chosen option Click your start button > All Programsl > Windows Update > change settings


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE

Please post back if you have any problems.
 
Last edited:
Status
Not open for further replies.
Back
Top