Check Log Please

mij · October 12, 2011

The MBAM log as requested

Had call from son, the CD is registered to this computer

jim

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7929

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

12/10/2011 16:43:49

mbam-log-2011-10-12 (16-43-30).txt

Scan type: Full scan (C:\|)

Objects scanned: 310519

Time elapsed: 53 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 12

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{6ff9ca42-31db-4369-87e7-32ea366bca58} (PUP.FunWebProducts) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{887c1600-0825-4354-8f7c-a7f7a12a0daf} (PUP.FunWebProducts) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{434FFB7E-D31A-4604-9B78-01066B87F755} (PUP.FunWebProducts) -> No action taken.

HKEY_CLASSES_ROOT\RadioPI_4eInstaller.Start.1 (PUP.FunWebProducts) -> No action taken.

HKEY_CLASSES_ROOT\RadioPI_4eInstaller.Start (PUP.FunWebProducts) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6FF9CA42-31DB-4369-87E7-32EA366BCA58} (PUP.FunWebProducts) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\ntfs undelete\newfolder(3)\$Recycle.Bin\s-1-5-21-2178092456-3463494078-4020983743-1000\$IUT6NZF.jpg (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\$Recycle.Bin\s-1-5-21-2178092456-3463494078-4020983743-1000\$R708TCY.jpg (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\lost files and folders\lost folder#8262\img013[1].jpg (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\lost files and folders\lost folder#8262\img014_s[1].jpg (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\lost files and folders\lost folder#8266\ag_paintings_001[1].jpg (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\lost files and folders\lost folder#8266\ag_paintings_025_s[1].jpg (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\Users\crispin\Desktop\Jim\Pictures\2009-09-17\028.JPG (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\Users\crispin\Desktop\Jim\Pictures\2009-09-17\036.JPG (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\Users\crispin\Desktop\Jim\Pictures\2009-09-17\037.JPG (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\Users\crispin\Desktop\Jim\Pictures\gloucester canal\gripping scene.jpg (Extension.Mismatch) -> No action taken.

c:\program files\ntfs undelete\newfolder(3)\Users\crispin\Desktop\Jim\Pictures\gloucester canal\having a leak.jpg (Extension.Mismatch) -> No action taken.

c:\program files\radiopi_4eei\Installr\1.bin\4eEZSETP.dll (PUP.FunWebProducts) -> No action taken.

KenB · October 12, 2011

Hi Jim

I have split this from the other thread.

http://extremetechsupport.com/threads/12444-re-istallation-of-the-OS?p=80464#post80464

I will ask our Security Experts to advise.

mij · October 12, 2011

Thanks I will keep an eye open for them.

cheers

jim

etavares · October 13, 2011

Hi mjj,

What's the issue you're having? The MBAM log isn't bad...the PUP means "potentially unwanted program" for Funweb. I suggest you let MBAM quarantine it, although it is optional. The extension mismatch means that those files aren't JPGs even though they're labelled that way. If you took those pictures or know who did, it's likely OK. If you downloaded them from the web, they could be bad and should be removed.

What caused you to scan? Are you having issues?

thanks,

-etavares

mij · October 13, 2011

My original problem was that the OS started to hang when opening some programs. A 'frinstance would be opening the mail and trying to click on a post to open it. It would not open until I closed the email program (google in this instance) and re-opened it.

Or I want to close a program and it hangs - nothing happens. Leave it 5-6-or 7 minutes and it reverts to normal service.

For this reason I deleted avast and private firewall that I installed after my last visit here with the scam virus a few weeks back.

I ran MBAM in its quick scan mode and found nothing so I did a full scan and that is the log I posted.

Yes ok, MBAM has dealt with the intruders.

jim

KenB · October 13, 2011

Hi etavares

I suggested that Jim run MBAM as a check. He said his machine was slow.

Link to original thread in post 2.

etavares · October 13, 2011

ah, helpful. i thought you meant you split an unrelated thread off.

let's take a deeper look.

We need to create an OTL report,

Please download OTL from this link.
(If that link doesn't work, try this alternate link
Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
Click the "Scan All Users" checkbox.
Select "Use Safelist" under "Extra Registry"
Under the Custom Scan box paste this in:

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.sys /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Click the Quick Scan button.
The scan should take a few minutes.
Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

mij · October 15, 2011

This computer had a funny five minutes when I tried to first reply.

In this run I omitted to click 'use safe list' in extra registry. None was the default.

jim

OTL logfile created on: 15/10/2011 06:21:38 - Run 1

OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\crispin\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.64% Memory free

4.24 Gb Paging File | 3.24 Gb Available in Paging File | 76.38% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.76 Gb Total Space | 243.89 Gb Free Space | 52.36% Space Free | Partition Type: NTFS

Computer Name: JIMS-PC | User Name: crispin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 06:19:34 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\crispin\Desktop\OTL.exe

PRC - [2011/10/07 20:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2011/07/27 12:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2011/03/10 19:19:32 | 001,642,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

PRC - [2011/01/17 20:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 20:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009/08/05 23:27:32 | 001,107,456 | ---- | M] (RespectSoft) -- C:\Program Files\VistaClock\VistaClock.exe

PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/12/11 10:12:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe

PRC - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe

PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/07 20:26:08 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/03/10 19:21:02 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll

MOD - [2011/02/11 01:30:59 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2009/09/15 19:20:52 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madbasic_.bpl

MOD - [2009/09/15 19:20:52 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\maddisAsm_.bpl

MOD - [2009/09/15 19:20:46 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madexcept_.bpl

MOD - [2008/05/15 02:04:24 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Google Update Service (gupdatem)

SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)

SRV - [2011/09/25 18:59:56 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2011/07/27 12:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2010/10/31 19:37:48 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)

SRV - [2010/10/31 19:37:48 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)

SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/10/15 06:16:49 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A573B5BA-5F00-4326-AAD9-08A7F36EFB74}\MpKsl7d560462.sys -- (MpKsl7d560462)

DRV - [2011/09/25 19:00:08 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2011/09/25 19:00:08 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2011/08/07 14:29:43 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574)

DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2011/02/23 17:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2010/01/13 09:14:48 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2009/01/22 17:06:34 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)

DRV - [2008/10/06 10:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2008/08/18 14:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2008/05/15 02:49:14 | 003,691,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2008/05/15 02:49:14 | 003,691,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008/05/07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Drivers\BANTExt.sys -- (BANTExt)

DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2008/01/15 01:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2007/08/21 01:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2007/02/22 12:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Program Files\ASTRA32\astra32.sys -- (ASTRA32)

DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)

DRV - [2007/01/26 10:42:50 | 002,831,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)

DRV - [2006/11/02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\crispin\Desktop

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 13 42 D8 20 66 CB 01 [binary data]

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank

IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4eEI\Installr\1.bin\NP4eEISB.dll (RadioPI)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\crispin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\crispin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 20:26:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/12 13:36:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\crispin\AppData\Roaming\NetAssistant\ [2011/03/11 16:17:04 | 000,000,000 | ---D | M]

[2011/01/18 12:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Extensions

[2010/01/30 23:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2010/10/07 00:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\2h87q0wd.Default User\extensions

[2010/09/17 11:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\2h87q0wd.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/17 11:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\2h87q0wd.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions

[2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}

[2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}

[2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/09 20:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\eidwrwj3.default\extensions

[2010/07/30 00:58:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\eidwrwj3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/19 00:42:59 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\eidwrwj3.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2011/10/11 21:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\ltirpsj5.default\extensions

[2011/10/11 21:17:45 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\ltirpsj5.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

[2011/09/06 15:52:55 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\ltirpsj5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2011/01/24 12:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions

[2011/01/23 12:32:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/01/22 09:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/01/23 12:30:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\crispin\AppData\Roaming\Mozilla\Firefox\Profiles\2h87q0wd.Default User\searchplugins\askcom.xml

[2011/09/28 10:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/09/06 14:56:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011/01/10 19:30:20 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2011/10/07 20:26:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/06 14:38:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/08/09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll

[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll

[2011/09/23 02:58:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/01/10 19:28:42 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2011/09/23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/09/23 02:58:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/09/23 02:58:35 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/09/23 02:58:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo (Enabled)

CHR - default_search_provider: search_url = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=GB&install_date=20111011&user_guid=38364539440942149575D0FDAFDA5960&machine_id=3e0bb42f8eceaa5373cfbf14c7ae4b59&browser=CR&os=win&os_version=6.0-x86-SP2

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\crispin\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\crispin\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\crispin\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll

CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\crispin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_1\BabylonChromePI.dll

CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

CHR - plugin: RadioPI Installer Plugin Stub (Enabled) = C:\Program Files\RadioPI_4eEI\Installr\1.bin\NP4eEISB.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\crispin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Babylon Chrome OCR = C:\Users\crispin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_1\

O1 HOSTS File: ([2011/09/08 08:58:15 | 000,504,831 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost #[iPv6]

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 ad.a8.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 abcstats.com

O1 - Hosts: 127.0.0.1 a.abv.bg

O1 - Hosts: 127.0.0.1 adserver.abv.bg

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 ca.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 http://www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 achmedia.com

O1 - Hosts: 127.0.0.1 aconti.net

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 http://www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 am1.activemeter.com

O1 - Hosts: 127.0.0.1 http://www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 14644 more lines...

O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000..\Run: [VistaClock] C:\Program Files\VistaClock\VistaClock.exe (RespectSoft)

O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe ()

O4 - Startup: C:\Users\All Users\3B20D [2010/02/23 15:08:59 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\abelhadigital.com [2011/09/08 08:55:58 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Adobe [2011/08/20 11:32:13 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Agnitum [2010/10/25 12:23:14 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\AppData [2009/09/15 12:45:27 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Apple [2009/09/29 11:48:39 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Apple Computer [2011/04/10 12:05:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Autodesk [2010/07/19 07:37:34 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\AVAST Software [2011/10/04 08:50:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\AVS4YOU [2009/12/15 22:24:36 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\CyberLink [2010/08/24 00:10:13 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\DivX [2011/01/01 09:47:21 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Documents [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\DriverCure [2010/01/19 22:04:21 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Google [2011/04/03 00:06:48 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\InstallShield [2010/03/16 17:49:39 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\IsolatedStorage [2010/10/25 13:52:07 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Karen's Power Tools [2009/09/20 23:31:50 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\LogiShrd [2009/09/15 13:14:07 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Logitech [2009/09/15 13:09:19 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Malwarebytes [2009/10/11 13:05:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\McAfee [2010/12/28 09:11:30 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\MFAData [2010/09/30 22:19:13 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Microsoft [2011/04/03 00:19:42 | 000,000,000 | --SD | M]

O4 - Startup: C:\Users\All Users\NCH Software [2010/12/30 11:09:47 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\NCH Swift Sound [2010/12/17 22:42:33 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\NOS [2011/04/23 22:02:05 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\ntuser.pol ()

O4 - Startup: C:\Users\All Users\ParetoLogic [2010/01/13 09:21:20 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\PC Drivers HeadQuarters [2009/09/15 11:25:06 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\PC Tools [2010/10/25 13:13:33 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\PCPitstop [2010/01/20 19:48:31 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Privacyware [2010/10/25 13:48:42 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\SITEguard [2010/07/21 20:34:10 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2010/10/03 19:59:12 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Start Menu [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\STOPzilla! [2010/09/30 22:15:51 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Sun [2010/01/27 10:29:22 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\TEMP [2010/10/25 13:13:40 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Templates [2006/11/02 14:02:04 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\TomTom [2009/09/16 14:12:37 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Trusteer [2010/02/15 12:41:14 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\UDL [2010/10/03 13:14:08 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\White Sky, Inc [2010/10/25 13:49:11 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\WindowsSearch [2010/09/30 22:52:09 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Xerox [2010/10/12 13:03:22 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/10/15 00:28:03 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/09/29 11:50:48 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\{A3570649-72CF-4FA2-A237-74A7EE92053E} [2010/10/08 14:07:02 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\crispin\.gimp-2.6 [2011/10/06 14:37:58 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\crispin\.recently-used.xbel ()

O4 - Startup: C:\Users\crispin\.thumbnails [2011/01/31 14:46:14 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\jim\AppData [2011/01/22 14:59:17 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\crispin\Contacts [2010/01/27 20:37:15 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\crispin\Cookies [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\Desktop [2011/10/15 06:19:32 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\crispin\FP_AX_CAB_INSTALLER.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\crispin\frm2new.htm.url ()

O4 - Startup: C:\Users\crispin\g2mdlhlpx.exe ()

O4 - Startup: C:\Users\crispin\Local Settings [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\Music [2010/09/30 19:41:03 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\crispin\My Documents [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\NetHood [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\ntuser (2).ini ()

O4 - Startup: C:\Users\crispin\ntuser.dat ()

O4 - Startup: C:\Users\crispin\ntuser.dat.LOG1 ()

O4 - Startup: C:\Users\crispin\ntuser.dat.LOG2 ()

O4 - Startup: C:\Users\crispin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()

O4 - Startup: C:\Users\crispin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\crispin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\crispin\ntuser.dat{3db1a891-2793-11e0-a1eb-0018f3957101}.TM.blf ()

O4 - Startup: C:\Users\crispin\ntuser.dat{3db1a891-2793-11e0-a1eb-0018f3957101}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\crispin\ntuser.dat{3db1a891-2793-11e0-a1eb-0018f3957101}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\crispin\ntuser.dat{b41eec2b-49d2-11e0-92c8-0018f3957101}.TM.blf ()

O4 - Startup: C:\Users\crispin\ntuser.dat{b41eec2b-49d2-11e0-92c8-0018f3957101}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\crispin\ntuser.dat{b41eec2b-49d2-11e0-92c8-0018f3957101}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\crispin\ntuser.dat{fc231da8-e3e1-11de-b241-0018f3957101}.TM.blf ()

O4 - Startup: C:\Users\crispin\ntuser.dat{fc231da8-e3e1-11de-b241-0018f3957101}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\crispin\ntuser.dat{fc231da8-e3e1-11de-b241-0018f3957101}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\crispin\ntuser.ini ()

O4 - Startup: C:\Users\crispin\PrintHood [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\Recent [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\SendTo [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\Start Menu [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\temp [2010/08/11 09:07:17 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\crispin\Templates [2009/08/07 19:48:01 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\crispin\Tracing [2010/10/06 21:50:16 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\crispin\Videos [2010/12/31 19:46:14 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\crispin\VLC [2010/07/09 19:42:01 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Default\AppData [2006/11/02 12:18:34 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\Default\Application Data [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Cookies [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Desktop [2006/11/02 11:23:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Documents [2006/11/02 14:02:03 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Downloads [2006/11/02 11:23:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Favorites [2006/11/02 11:23:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Links [2006/11/02 11:23:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Music [2006/11/02 11:23:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\My Documents [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NetHood [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NTUSER.DAT ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()

O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()

O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Default\Pictures [2006/11/02 11:23:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Recent [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 11:23:35 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Default\SendTo [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Templates [2006/11/02 14:02:03 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Videos [2006/11/02 11:23:35 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\jim\AppData [2011/01/22 14:59:17 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Public\AppData [2011/01/22 14:59:17 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Public\Desktop [2011/10/12 14:55:51 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Documents [2011/09/08 08:55:58 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Downloads [2006/11/02 13:50:50 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Favorites [2006/11/02 11:23:35 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Music [2006/11/02 13:50:50 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Pictures [2006/11/02 13:50:50 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Recorded TV [2011/10/15 06:17:29 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Videos [2006/11/02 13:50:50 | 000,000,000 | R--D | M]

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Policies\Microsoft\Internet Explorer\control panel present

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AEBD7FC-5B3C-466F-89C2-7E3CA8ACD89F}: NameServer = 87.194.255.154,87.194.255.155

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Users^crispin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^StartUp^reminder-ScanSoft Product Registration.lnk - C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXE - ()

MsConfig - StartUpReg: IntelliPoint - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: RemoteControl - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - Reg Error: Value error. File not found

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 0

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 06:19:31 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\crispin\Desktop\OTL.exe

[2011/10/11 21:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar

[2011/10/11 21:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

[2011/10/11 21:17:28 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2011/10/11 20:25:16 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\the orchid tutorial be Annie

[2011/10/08 14:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron

[2011/10/08 14:00:26 | 000,000,000 | ---D | C] -- C:\Users\crispin\AppData\Local\Chromium

[2011/10/08 14:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron

[2011/10/05 17:22:16 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\Larry seiilor live

[2011/10/04 00:25:30 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\cp challenge oct 2011

[2011/10/04 00:22:18 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\gouache challenges oct 2011

[2011/10/01 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\octobers goals

[2011/10/01 10:05:24 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\octobers 2011 spotlight contrasts and CPs

[2011/09/25 19:00:08 | 000,056,336 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

[2011/09/17 12:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/09/17 12:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[1 C:\Users\crispin\Desktop\Jim\Documents\*.tmp files -> C:\Users\crispin\Desktop\Jim\Documents\*.tmp -> ]

[1 C:\Users\crispin\AppData\Local\*.tmp files -> C:\Users\crispin\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/15 06:21:23 | 000,610,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/10/15 06:21:23 | 000,109,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/10/15 06:19:34 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\crispin\Desktop\OTL.exe

[2011/10/15 06:17:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/10/15 06:17:12 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job

[2011/10/15 06:16:51 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/10/15 06:16:51 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/10/15 06:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/10/15 01:36:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/10/15 01:34:59 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2178092456-3463494078-4020983743-1000UA.job

[2011/10/15 00:46:45 | 000,000,000 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\PDVD_MediaDisc.PlayList

[2011/10/14 21:40:05 | 000,047,135 | ---- | M] () -- C:\Users\crispin\Desktop\charcoal sketch.jpg

[2011/10/14 18:12:47 | 000,062,524 | ---- | M] () -- C:\Users\crispin\Desktop\128302-old_cat.jpg

[2011/10/14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011/10/14 17:35:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2178092456-3463494078-4020983743-1000Core.job

[2011/10/14 16:43:32 | 000,048,215 | ---- | M] () -- C:\Users\crispin\Desktop\hairy animal.jpg

[2011/10/14 09:28:14 | 000,034,298 | ---- | M] () -- C:\Users\crispin\Desktop\976538-ruts.jpg

[2011/10/14 08:00:55 | 000,037,987 | ---- | M] () -- C:\Users\crispin\Desktop\203336-tree_in_field.jpg

[2011/10/12 18:54:14 | 000,292,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/10/12 14:55:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/12 00:00:15 | 000,072,080 | ---- | M] () -- C:\Users\crispin\g2mdlhlpx.exe

[2011/10/11 20:02:55 | 001,690,194 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\imag comparison.jpg

[2011/10/11 19:34:55 | 000,558,156 | ---- | M] () -- C:\Users\crispin\Desktop\comparison scanner and camera.odt

[2011/10/11 19:30:07 | 000,049,357 | ---- | M] () -- C:\Users\crispin\Desktop\69634-further_pastel_practice.jpg

[2011/10/11 17:20:32 | 000,049,806 | ---- | M] () -- C:\Users\crispin\Desktop\CP challenge pumpkin oct 2011.jpg

[2011/10/11 11:44:38 | 000,048,823 | ---- | M] () -- C:\Users\crispin\Desktop\ScanImage547.jpg

[2011/10/10 15:04:38 | 000,168,524 | ---- | M] () -- C:\Users\crispin\Desktop\82335-red-green_contrast.jpg

[2011/10/10 02:46:42 | 000,032,256 | ---- | M] () -- C:\Users\crispin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/08 22:40:16 | 000,010,023 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\reply 1.odt

[2011/10/08 14:00:27 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\SRWare Iron.lnk

[2011/10/06 14:37:53 | 000,005,855 | ---- | M] () -- C:\Users\crispin\.recently-used.xbel

[2011/10/05 19:51:17 | 000,165,309 | ---- | M] () -- C:\Users\crispin\Desktop\5268380464_28170d2f12.jpg

[2011/10/05 11:37:15 | 000,025,779 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\Budget account.ods

[2011/10/04 08:45:18 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI

mij · October 15, 2011

next half of otl log

[2011/10/04 08:43:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/10/04 03:45:01 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2011/10/03 14:01:25 | 000,015,269 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\m VWrosies colour suggestions fr.odt

[2011/10/02 17:24:12 | 000,011,137 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\car payments.ods

[2011/10/01 08:21:37 | 000,014,219 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\october goals.odt

[2011/09/28 22:39:41 | 000,000,867 | ---- | M] () -- C:\Users\crispin\Desktop\iexplore.exe - Shortcut.lnk

[2011/09/28 20:36:26 | 000,049,939 | ---- | M] () -- C:\Users\crispin\Desktop\doodles pastel tree 1.jpg

[2011/09/28 10:40:50 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011/09/27 20:28:56 | 000,020,164 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\pan haggert recipe.odt

[2011/09/27 13:11:01 | 000,000,144 | ---- | M] () -- C:\Users\crispin\Desktop\later sovek thread.url

[2011/09/27 13:10:07 | 000,000,144 | ---- | M] () -- C:\Users\crispin\Desktop\sovek thread.url

[2011/09/26 09:08:15 | 000,009,339 | ---- | M] () -- C:\Users\crispin\Desktop\1805-tree_marks.jpg

[2011/09/26 09:08:07 | 000,004,589 | ---- | M] () -- C:\Users\crispin\Desktop\1805-tree_sketches2.jpg

[2011/09/26 09:07:27 | 000,003,141 | ---- | M] () -- C:\Users\crispin\Desktop\1805-tree_sketches.jpg

[2011/09/25 23:28:26 | 000,040,861 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\DS pastel tree tutorial.odt

[2011/09/25 19:00:08 | 000,056,336 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

[2011/09/25 10:37:24 | 000,020,083 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\Untitled 3.odt

[2011/09/24 01:59:44 | 000,015,891 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\Sept 2011 goals.odt

[2011/09/21 23:47:49 | 000,023,759 | ---- | M] () -- C:\Users\crispin\Desktop\2012 organiser sheet.ods

[2011/09/15 18:27:50 | 000,013,038 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\wills family.ods

[1 C:\Users\crispin\Desktop\Jim\Documents\*.tmp files -> C:\Users\crispin\Desktop\Jim\Documents\*.tmp -> ]

[1 C:\Users\crispin\AppData\Local\*.tmp files -> C:\Users\crispin\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/14 21:40:04 | 000,047,135 | ---- | C] () -- C:\Users\crispin\Desktop\charcoal sketch.jpg

[2011/10/14 18:12:45 | 000,062,524 | ---- | C] () -- C:\Users\crispin\Desktop\128302-old_cat.jpg

[2011/10/14 16:43:31 | 000,048,215 | ---- | C] () -- C:\Users\crispin\Desktop\hairy animal.jpg

[2011/10/14 09:28:13 | 000,034,298 | ---- | C] () -- C:\Users\crispin\Desktop\976538-ruts.jpg

[2011/10/14 08:00:53 | 000,037,987 | ---- | C] () -- C:\Users\crispin\Desktop\203336-tree_in_field.jpg

[2011/10/11 21:17:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/10/11 21:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/10/11 21:17:28 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/10/11 21:17:27 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011/10/11 20:02:53 | 001,690,194 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\imag comparison.jpg

[2011/10/11 19:34:53 | 000,558,156 | ---- | C] () -- C:\Users\crispin\Desktop\comparison scanner and camera.odt

[2011/10/11 19:30:05 | 000,049,357 | ---- | C] () -- C:\Users\crispin\Desktop\69634-further_pastel_practice.jpg

[2011/10/11 17:20:32 | 000,049,806 | ---- | C] () -- C:\Users\crispin\Desktop\CP challenge pumpkin oct 2011.jpg

[2011/10/11 11:42:00 | 000,048,823 | ---- | C] () -- C:\Users\crispin\Desktop\ScanImage547.jpg

[2011/10/10 15:02:46 | 000,168,524 | ---- | C] () -- C:\Users\crispin\Desktop\82335-red-green_contrast.jpg

[2011/10/08 22:40:14 | 000,010,023 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\reply 1.odt

[2011/10/08 14:00:27 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\SRWare Iron.lnk

[2011/10/06 14:37:53 | 000,005,855 | ---- | C] () -- C:\Users\crispin\.recently-used.xbel

[2011/10/05 19:51:16 | 000,165,309 | ---- | C] () -- C:\Users\crispin\Desktop\5268380464_28170d2f12.jpg

[2011/10/05 11:36:02 | 000,025,779 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\Budget account.ods

[2011/10/03 14:01:23 | 000,015,269 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\m VWrosies colour suggestions fr.odt

[2011/10/02 17:24:55 | 000,011,137 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\car payments.ods

[2011/09/30 10:11:25 | 000,014,219 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\october goals.odt

[2011/09/28 22:39:41 | 000,000,867 | ---- | C] () -- C:\Users\crispin\Desktop\iexplore.exe - Shortcut.lnk

[2011/09/28 20:36:26 | 000,049,939 | ---- | C] () -- C:\Users\crispin\Desktop\doodles pastel tree 1.jpg

[2011/09/27 20:28:54 | 000,020,164 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\pan haggert recipe.odt

[2011/09/27 13:10:47 | 000,000,144 | ---- | C] () -- C:\Users\crispin\Desktop\later sovek thread.url

[2011/09/27 13:09:50 | 000,000,144 | ---- | C] () -- C:\Users\crispin\Desktop\sovek thread.url

[2011/09/26 09:08:14 | 000,009,339 | ---- | C] () -- C:\Users\crispin\Desktop\1805-tree_marks.jpg

[2011/09/26 09:08:06 | 000,004,589 | ---- | C] () -- C:\Users\crispin\Desktop\1805-tree_sketches2.jpg

[2011/09/26 09:07:24 | 000,003,141 | ---- | C] () -- C:\Users\crispin\Desktop\1805-tree_sketches.jpg

[2011/09/25 23:28:24 | 000,040,861 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\DS pastel tree tutorial.odt

[2011/09/25 10:37:22 | 000,020,083 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\Untitled 3.odt

[2011/03/31 14:30:53 | 000,000,547 | ---- | C] () -- C:\Users\crispin\AppData\Roaming\FreeDesktopClock.ini

[2011/03/31 01:22:41 | 000,000,680 | ---- | C] () -- C:\Users\crispin\AppData\Local\d3d9caps.dat

[2011/03/25 16:50:40 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe

[2011/03/25 16:50:40 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

[2010/12/06 23:24:59 | 000,000,511 | ---- | C] () -- C:\Windows\Snowflake Screen Saver Audio Files.dat

[2010/12/06 23:24:59 | 000,000,376 | ---- | C] () -- C:\Windows\Snowflake Screen Saver Captions.dat

[2010/10/03 12:59:21 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX6600E.ini

[2010/09/30 21:53:53 | 000,000,120 | ---- | C] () -- C:\Users\crispin\AppData\Local\Ovihomigobabamis.dat

[2010/09/07 23:08:34 | 000,099,965 | ---- | C] () -- C:\Windows\UninstallFirefox.exe

[2010/09/07 23:08:25 | 000,003,137 | ---- | C] () -- C:\Windows\mozver.dat

[2010/08/24 22:25:51 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/06/27 23:06:51 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2010/03/13 14:01:40 | 000,000,175 | ---- | C] () -- C:\Windows\ANS2000.INI

[2010/03/13 14:01:40 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini

[2010/03/13 14:01:40 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini

[2010/02/25 02:31:28 | 000,000,120 | ---- | C] () -- C:\Windows\Tb98.ini

[2010/02/25 02:31:26 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL

[2010/02/25 02:31:26 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE

[2010/02/25 02:31:25 | 000,046,512 | ---- | C] () -- C:\Windows\System32\EPSN.DLL

[2010/02/25 02:31:25 | 000,012,126 | ---- | C] () -- C:\Windows\System32\PIXPCZ.DLL

[2010/02/25 02:31:25 | 000,011,934 | ---- | C] () -- C:\Windows\System32\PIXPNR.DLL

[2010/02/07 15:15:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010/02/07 15:15:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010/02/07 15:15:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010/02/07 15:15:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010/02/07 15:15:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010/02/07 15:15:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010/02/07 15:15:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010/02/07 15:15:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010/02/07 15:15:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2010/02/07 15:15:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2010/02/07 15:15:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010/02/07 15:15:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010/02/07 15:15:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010/02/07 15:15:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010/02/07 15:15:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010/02/07 15:15:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2010/02/07 15:15:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2010/02/07 15:15:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010/02/07 15:15:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2010/01/20 14:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/01/19 17:42:44 | 000,032,256 | ---- | C] () -- C:\Users\crispin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/15 22:13:36 | 000,000,014 | ---- | C] () -- C:\Windows\System32\Systemdrv.sys

[2009/12/09 19:00:37 | 000,000,011 | ---- | C] () -- C:\Windows\exchng.ini

[2009/12/09 19:00:36 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009/12/09 19:00:36 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/10/15 19:48:25 | 000,003,840 | ---- | C] () -- C:\Windows\System32\drivers\BANTExt.sys

[2009/09/24 08:58:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/09/17 08:33:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/09/17 08:33:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/09/17 08:33:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/08/25 11:07:39 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll

[2009/08/08 17:04:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2008/05/15 02:04:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/04/28 21:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/03/05 18:38:08 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll

[2006/12/20 18:28:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,292,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,610,860 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,109,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2003/02/27 18:07:00 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll

[1997/08/01 01:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\XLREC.DLL

[1997/08/01 01:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\RECNCL.DLL

[1997/08/01 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL

[1997/08/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/09/08 08:55:58 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\abelhadigital.com

[2011/04/17 00:40:18 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Airytec

[2010/01/19 20:15:30 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Autodesk

[2010/01/19 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\DriverCure

[2010/02/11 15:28:34 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\EPSON

[2011/10/06 14:37:53 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\gtk-2.0

[2010/11/15 02:55:36 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\ID Vault

[2010/05/04 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\InterVideo

[2011/03/25 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\IObit

[2011/01/24 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\IrfanView

[2011/03/11 16:17:04 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\NetAssistant

[2010/01/19 14:31:39 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\OpenOffice.org

[2010/10/25 12:59:47 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\PCToolsFirewallPlus

[2010/06/27 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\PrimoPDF

[2011/10/14 07:28:57 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\QuickScan

[2010/10/25 12:59:20 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Spam Monitor

[2010/08/11 09:07:20 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\TeamViewer

[2010/01/19 19:16:30 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\TomTom

[2010/02/15 12:42:09 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Trusteer

[2010/09/30 22:07:30 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Unyp

[2011/04/09 11:25:01 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Windows Live Writer

[2010/04/06 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer

[2010/04/06 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

[2011/10/15 06:17:12 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job

[2011/08/21 04:55:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job

[2011/10/14 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2011/10/04 03:45:01 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2011/10/15 01:59:19 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010/08/11 21:38:06 | 000,000,090 | ---- | M] () -- C:\bcmwl6.log

[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2009/08/08 05:42:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/12/15 22:14:25 | 000,000,000 | ---- | M] () -- C:\dxva.log

[2010/09/17 00:31:11 | 000,000,104 | ---- | M] () -- C:\Internet Explorer - Shortcut (2).lnk

[2009/09/26 01:17:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/09/26 01:17:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/10/25 13:49:12 | 000,000,029 | ---- | M] () -- C:\mylog.txt

[2010/01/19 14:32:26 | 000,000,866 | ---- | M] () -- C:\OpenOffice.org 3.1.lnk

[2011/10/15 06:16:37 | 2459,713,536 | -HS- | M] () -- C:\pagefile.sys

[2009/09/15 13:14:41 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

[2011/09/04 18:32:26 | 000,000,370 | ---- | M] () -- C:\rkill.log

[2010/03/06 00:45:35 | 000,497,542 | ---- | M] () -- C:\ScanImage01.jpg

[2010/03/06 00:45:37 | 001,225,551 | ---- | M] () -- C:\ScanImage02.jpg

[2010/03/06 00:45:38 | 001,277,259 | ---- | M] () -- C:\ScanImage03.jpg

[2010/03/06 00:45:39 | 001,417,040 | ---- | M] () -- C:\ScanImage04.jpg

[2010/03/06 00:45:40 | 001,177,474 | ---- | M] () -- C:\ScanImage05.jpg

[2010/03/06 00:45:41 | 001,490,617 | ---- | M] () -- C:\ScanImage06.jpg

[2010/03/06 00:45:42 | 001,361,389 | ---- | M] () -- C:\ScanImage07.jpg

[2010/03/06 00:45:43 | 001,241,114 | ---- | M] () -- C:\ScanImage08.jpg

[2010/03/06 00:45:44 | 000,611,744 | ---- | M] () -- C:\ScanImage09.jpg

[2010/03/06 00:45:46 | 001,664,031 | ---- | M] () -- C:\ScanImage10.jpg

[2010/03/06 00:47:27 | 001,317,610 | ---- | M] () -- C:\ScanImage100.jpg

[2010/03/06 00:47:28 | 001,376,471 | ---- | M] () -- C:\ScanImage101.jpg

[2010/03/06 00:47:29 | 001,461,973 | ---- | M] () -- C:\ScanImage102.jpg

[2010/03/06 00:45:47 | 000,648,572 | ---- | M] () -- C:\ScanImage11.jpg

[2010/03/06 00:45:48 | 000,633,808 | ---- | M] () -- C:\ScanImage12.jpg

[2010/03/06 00:45:49 | 000,567,145 | ---- | M] () -- C:\ScanImage13.jpg

[2010/03/06 00:45:50 | 000,846,684 | ---- | M] () -- C:\ScanImage14.jpg

[2010/03/06 00:45:51 | 000,739,236 | ---- | M] () -- C:\ScanImage15.jpg

[2010/03/06 00:45:52 | 001,261,208 | ---- | M] () -- C:\ScanImage16.jpg

[2010/03/06 00:45:53 | 001,358,596 | ---- | M] () -- C:\ScanImage17.jpg

[2010/03/06 00:45:55 | 001,388,630 | ---- | M] () -- C:\ScanImage18.jpg

[2010/03/06 00:45:56 | 001,542,479 | ---- | M] () -- C:\ScanImage19.jpg

[2010/03/06 00:45:57 | 000,766,325 | ---- | M] () -- C:\ScanImage20.jpg

[2010/03/06 00:45:58 | 001,329,710 | ---- | M] () -- C:\ScanImage21.jpg

[2010/03/06 00:45:59 | 001,628,297 | ---- | M] () -- C:\ScanImage22.jpg

[2010/03/06 00:46:01 | 000,967,719 | ---- | M] () -- C:\ScanImage23.jpg

[2010/03/06 00:46:02 | 000,949,955 | ---- | M] () -- C:\ScanImage24.jpg

[2010/03/06 00:46:03 | 000,779,886 | ---- | M] () -- C:\ScanImage25.jpg

[2010/03/06 00:46:04 | 000,520,498 | ---- | M] () -- C:\ScanImage26.jpg

[2010/03/06 00:46:05 | 000,398,555 | ---- | M] () -- C:\ScanImage27.jpg

[2010/03/06 00:46:06 | 000,469,175 | ---- | M] () -- C:\ScanImage28.jpg

[2010/03/06 00:46:07 | 000,493,843 | ---- | M] () -- C:\ScanImage29.jpg

[2010/03/06 00:46:08 | 001,399,777 | ---- | M] () -- C:\ScanImage30.jpg

[2010/03/06 00:46:09 | 001,418,353 | ---- | M] () -- C:\ScanImage31.jpg

[2010/03/06 00:46:10 | 001,407,178 | ---- | M] () -- C:\ScanImage32.jpg

[2010/03/06 00:46:11 | 001,004,001 | ---- | M] () -- C:\ScanImage33.jpg

[2010/03/06 00:46:13 | 001,614,431 | ---- | M] () -- C:\ScanImage34.jpg

[2010/03/06 00:46:14 | 000,974,932 | ---- | M] () -- C:\ScanImage35.jpg

[2010/03/06 00:46:15 | 000,315,121 | ---- | M] () -- C:\ScanImage36.jpg

[2010/03/06 00:46:16 | 000,994,408 | ---- | M] () -- C:\ScanImage37.jpg

[2010/03/06 00:46:17 | 000,820,129 | ---- | M] () -- C:\ScanImage38.jpg

[2010/03/06 00:46:18 | 001,507,269 | ---- | M] () -- C:\ScanImage39.jpg

[2010/03/06 00:46:19 | 001,138,119 | ---- | M] () -- C:\ScanImage40.jpg

[2010/03/06 00:46:20 | 001,063,731 | ---- | M] () -- C:\ScanImage41.jpg

[2010/03/06 00:46:21 | 001,169,277 | ---- | M] () -- C:\ScanImage42.jpg

[2010/03/06 00:46:23 | 001,320,179 | ---- | M] () -- C:\ScanImage43.jpg

[2010/03/06 00:46:24 | 001,232,008 | ---- | M] () -- C:\ScanImage44.jpg

[2010/03/06 00:46:25 | 001,478,098 | ---- | M] () -- C:\ScanImage45.jpg

[2010/03/06 00:46:26 | 001,470,491 | ---- | M] () -- C:\ScanImage46.jpg

[2010/03/06 00:46:27 | 001,334,979 | ---- | M] () -- C:\ScanImage47.jpg

[2010/03/06 00:46:28 | 001,225,015 | ---- | M] () -- C:\ScanImage48.jpg

[2010/03/06 00:46:30 | 000,726,714 | ---- | M] () -- C:\ScanImage49.jpg

[2010/03/06 00:46:31 | 001,463,849 | ---- | M] () -- C:\ScanImage50.jpg

[2010/03/06 00:46:32 | 001,614,709 | ---- | M] () -- C:\ScanImage51.jpg

[2010/03/06 00:46:33 | 000,176,441 | ---- | M] () -- C:\ScanImage52.jpg

[2010/03/06 00:46:34 | 001,576,530 | ---- | M] () -- C:\ScanImage53.jpg

[2010/03/06 00:46:35 | 001,583,156 | ---- | M] () -- C:\ScanImage54.jpg

[2010/03/06 00:46:36 | 001,741,682 | ---- | M] () -- C:\ScanImage55.jpg

[2010/03/06 00:46:38 | 001,402,625 | ---- | M] () -- C:\ScanImage56.jpg

[2010/03/06 00:46:39 | 001,430,170 | ---- | M] () -- C:\ScanImage57.jpg

[2010/03/06 00:46:40 | 000,796,870 | ---- | M] () -- C:\ScanImage58.jpg

[2010/03/06 00:46:41 | 001,357,854 | ---- | M] () -- C:\ScanImage59.jpg

[2010/03/06 00:46:42 | 000,514,876 | ---- | M] () -- C:\ScanImage60.jpg

[2010/03/06 00:46:43 | 001,179,194 | ---- | M] () -- C:\ScanImage61.jpg

[2010/03/06 00:46:44 | 001,481,701 | ---- | M] () -- C:\ScanImage62.jpg

[2010/03/06 00:46:46 | 001,326,628 | ---- | M] () -- C:\ScanImage63.jpg

[2010/03/06 00:46:47 | 001,449,474 | ---- | M] () -- C:\ScanImage64.jpg

[2010/03/06 00:46:48 | 001,254,957 | ---- | M] () -- C:\ScanImage65.jpg

[2010/03/06 00:46:49 | 001,136,703 | ---- | M] () -- C:\ScanImage66.jpg

[2010/03/06 00:46:50 | 001,424,583 | ---- | M] () -- C:\ScanImage67.jpg

[2010/03/06 00:46:51 | 001,173,365 | ---- | M] () -- C:\ScanImage68.jpg

[2010/03/06 00:46:53 | 000,807,519 | ---- | M] () -- C:\ScanImage69.jpg

[2010/03/06 00:46:54 | 001,468,030 | ---- | M] () -- C:\ScanImage70.jpg

[2010/03/06 00:46:55 | 001,394,176 | ---- | M] () -- C:\ScanImage71.jpg

[2010/03/06 00:46:56 | 001,010,966 | ---- | M] () -- C:\ScanImage72.jpg

[2010/03/06 00:46:57 | 000,624,878 | ---- | M] () -- C:\ScanImage73.jpg

[2010/03/06 00:46:58 | 000,185,761 | ---- | M] () -- C:\ScanImage74.jpg

[2010/03/06 00:46:59 | 000,582,301 | ---- | M] () -- C:\ScanImage75.jpg

[2010/03/06 00:47:00 | 000,412,592 | ---- | M] () -- C:\ScanImage76.jpg

[2010/03/06 00:47:01 | 000,616,921 | ---- | M] () -- C:\ScanImage77.jpg

[2010/03/06 00:47:02 | 000,721,510 | ---- | M] () -- C:\ScanImage78.jpg

[2010/03/06 00:47:03 | 000,231,366 | ---- | M] () -- C:\ScanImage79.jpg

[2010/03/06 00:47:04 | 001,004,454 | ---- | M] () -- C:\ScanImage80.jpg

[2010/03/06 00:47:05 | 001,072,298 | ---- | M] () -- C:\ScanImage81.jpg

[2010/03/06 00:47:06 | 000,478,925 | ---- | M] () -- C:\ScanImage82.jpg

[2010/03/06 00:47:08 | 001,042,559 | ---- | M] () -- C:\ScanImage83.jpg

[2010/03/06 00:47:09 | 001,325,223 | ---- | M] () -- C:\ScanImage84.jpg

[2010/03/06 00:47:10 | 000,546,508 | ---- | M] () -- C:\ScanImage85.jpg

[2010/03/06 00:47:11 | 000,842,765 | ---- | M] () -- C:\ScanImage86.jpg

[2010/03/06 00:47:12 | 000,531,415 | ---- | M] () -- C:\ScanImage87.jpg

[2010/03/06 00:47:13 | 000,469,758 | ---- | M] () -- C:\ScanImage88.jpg

[2010/03/06 00:47:14 | 001,321,915 | ---- | M] () -- C:\ScanImage89.jpg

[2010/03/06 00:47:16 | 000,792,536 | ---- | M] () -- C:\ScanImage90.jpg

[2010/03/06 00:47:17 | 001,293,287 | ---- | M] () -- C:\ScanImage91.jpg

[2010/03/06 00:47:18 | 001,386,516 | ---- | M] () -- C:\ScanImage92.jpg

[2010/03/06 00:47:19 | 001,450,788 | ---- | M] () -- C:\ScanImage93.jpg

[2010/03/06 00:47:20 | 000,625,973 | ---- | M] () -- C:\ScanImage94.jpg

[2010/03/06 00:47:21 | 000,624,873 | ---- | M] () -- C:\ScanImage95.jpg

[2010/03/06 00:47:22 | 000,597,353 | ---- | M] () -- C:\ScanImage96.jpg

[2010/03/06 00:47:23 | 001,060,559 | ---- | M] () -- C:\ScanImage97.jpg

[2010/03/06 00:47:25 | 001,245,729 | ---- | M] () -- C:\ScanImage98.jpg

[2010/03/06 00:47:26 | 001,347,805 | ---- | M] () -- C:\ScanImage99.jpg

[2010/07/09 19:41:12 | 000,009,715 | ---- | M] () -- C:\scramble.log

[2010/07/21 20:35:19 | 000,061,440 | -H-- | M] () -- C:\SZKGFS.dat

[2009/12/15 22:14:25 | 000,000,000 | ---- | M] () -- C:\VO.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/11/02 10:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\Spool\prtprocs\w32x86\EP0NPP01.DLL

[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

[2011/09/06 14:30:12 | 002,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >

[2009/09/16 08:48:47 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/07 20:26:07 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/07 20:26:07 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/07 20:26:07 | 000,713,016 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/07 20:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/07 20:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/07 20:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/29 13:21:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/29 13:21:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/29 13:21:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/29 13:21:28 | 000,748,336 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/29 13:21:28 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >