Blank Screen, Generic24.CJRC, Win32.Powerspy.af, Fraudyoutube.prx, HEL


  • This topic is locked

#1
kamots22

  • Member
  • 35 posts
This started a month ago with a blue screen out of the blue...no problems prior.
Win7 Pro system, 2.13ghz dual core, 8gb ram, 2 cd/dvd drives

My firewall & virus software was turned off last time I could access my PC.

Norton 360 running at the time of infection [all updated]
I tried to use a restore point, none available.
I've loaded PC Tools....no help, it didn't find anything.

Downloaded the AVG boot disk and that found the win32 & fraud malware
Later on, it found the Generic24.
Currently I can't load windows....it goes thru the windows boot, password, etc and comes up a blank screen.
I've also downloaded the Hiren disk and that will boot as well as the AVG boot.
I've tried to do startup repair with no success.
I can get to the F8 boot menu diagnostics. Was unable to boot in Safe mode.
I have access to a different PC. I have a Mac right next to the infected PC.
Some of my data is backed up to dropbox, some is not.
I've downloaded the OTL but obviously can't run it with a black screen.

Any help would be greatly appreciated. Don't know if you guys/gals take donations but if you can fix this, I'd be happy to donate to the cause. Thanks for your help in advance! vern

Edited by kamots22, 11 October 2011 - 11:03 AM.


#2
SweetTech

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Sorry to hear you're experiencing all of these issues with your computer. It's no fun at all to be in a situation like that.

I'm going to do my best to get your computer booted back up again, but no promises can be made.

I'm going to provide instructions for you to perform which will require you to burn a disc, and then boot up into it.

When you get booted into it, you should back up any data that you want to retain copies of, before you proceed with running the OTL scan.

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

#3
kamots22

  • Topic Starter
  • Member
  • 35 posts
Thank you so much for your help. I couldn't find help anywhere, even Norton, until I stumbled across GTG.

Question 1:
Are you really in Antarctica??????? [I know...you could tell me, but then you'd have to kill me]

Question 2:
I could not find the attached "Scan.txt" file you said to drag into the custom Scans/fixes area.

I ran the scan on the windows folder and here is what I came up with.
Thanks again for your help Agent ST!

OTL logfile created on: 10/11/2011 4:21:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.21 Mb Free Space | 74.22% Space Free | Partition Type: NTFS
Drive H: | 465.66 Gb Total Space | 212.75 Gb Free Space | 45.69% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto] -- H:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/05/04 20:01:07 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/02/05 16:39:26 | 001,012,224 | ---- | M] () [Auto] -- H:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand] -- H:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/09 12:37:12 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- H:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- H:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/16 08:02:40 | 001,034,208 | ---- | M] (PC Tools) [On_Demand] -- H:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2011/02/16 08:02:28 | 001,050,592 | ---- | M] (PC Tools) [On_Demand] -- H:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2011/02/16 08:02:14 | 000,632,800 | ---- | M] (PC Tools) [Auto] -- H:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/02/09 15:56:10 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto] -- H:\Program Files (x86)\Windstream\Servicepoint\ServicepointService.exe -- (ServicepointService)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto] -- H:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/22 11:17:06 | 000,181,312 | ---- | M] () [Auto] -- H:\Program Files (x86)\Photodex\CompuPicPro\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] () [On_Demand] -- H:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto] -- H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/21 20:24:20 | 000,487,672 | ---- | M] (HiWired Inc.) [Auto] -- H:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Core.exe -- (HiWiredCore)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/04 19:34:18 | 000,162,328 | ---- | M] (PC Tools) [Kernel | On_Demand] -- H:\Windows\System32\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV:64bit: - [2011/02/04 19:34:08 | 000,189,880 | ---- | M] (PC Tools) [Kernel | On_Demand] -- H:\Windows\System32\drivers\PCTDSMon.sys -- (PCTDSMon)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/10/09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/05 00:57:34 | 000,075,088 | ---- | M] (PC Dynamics, Inc.) [Kernel | System] -- H:\Windows\System32\drivers\SAFDSKNT.SYS -- (SafDskNT)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- H:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/06 14:30:06 | 000,227,328 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2011/02/04 19:32:00 | 000,108,056 | ---- | M] (PC Tools) [Kernel | On_Demand] -- H:\Windows\SysWOW64\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1





========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.49167
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.9
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.314

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: H:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: H:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@radialpoint.com/SPA,version=1: H:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\NitroPDF: H:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/04 13:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/04 13:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/04 13:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- H:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- H:\Users\admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (No name found) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Screengrab) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("Garmin Communicator") -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (MouseZoom) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Fire.fm) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (iMacros for Firefox) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Firefox Showcase) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownloadHelper) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("CoolPreviews") -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Adblock Plus) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownThemAll!) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Cooliris) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (No name found) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("AmazonAssist") -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2011/10/04 14:31:40 | 000,000,000 | ---D | M] (No name found) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Screengrab) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/29 16:09:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/17 00:41:08 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011/06/17 11:44:19 | 000,000,000 | ---D | M] (MouseZoom) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2011/03/20 18:45:27 | 000,000,000 | ---D | M] (Fire.fm) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/10/04 14:31:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/09/10 13:45:05 | 000,000,000 | ---D | M] (Showcase) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/08/22 14:15:54 | 000,000,000 | ---D | M] (DownloadHelper) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/27 16:59:21 | 000,000,000 | ---D | M] (Pixlr Grabber) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/06/17 11:44:16 | 000,000,000 | ---D | M] (DownThemAll!) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/08/10 13:10:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/10/04 13:44:42 | 000,000,000 | ---D | M] (Cooliris) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/09/16 20:55:58 | 000,000,945 | ---- | M] () -- H:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\searchplugins\youtube-video-search.xml
[2011/10/04 13:42:09 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/17 23:49:52 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/27 12:46:19 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- H:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- H:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- H:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 03:10:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 21:16:42 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - H:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\admin_ON_H\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\admin_ON_H\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] H:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [SSDMonitor] H:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKU\admin_ON_H..\Run: [HD] H:\Program Files (x86)\U-Clean\Hd.cmd ()
O4 - HKU\admin_ON_H..\Run: [Jing] H:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\admin_ON_H..\Run: [RocketDock] H:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser.PDS-22_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser.PDS-22_ON_H..\RunOnce: [mctadmin] File not found
O4 - Startup: H:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: H:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ()
O4 - Startup: H:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synergy.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - H:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - H:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - admin_ON_H\..Trusted Domains: millenniumchem.com ([remote] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - H:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/04 20:26:23 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Belarc
[2011/10/04 18:15:38 | 000,000,000 | ---D | C] -- H:\Users\admin\Desktop\Tools
[2011/10/04 18:14:48 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/10/04 18:14:47 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Safer Networking
[2011/10/04 18:06:11 | 000,000,000 | ---D | C] -- H:\Windows\ERDNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\ERUNT
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- H:\ProgramData\Spybot - Search & Destroy
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 16:21:06 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/04 15:23:12 | 000,000,000 | ---D | C] -- H:\d4f14e97366c60bd3caabb9ca8
[2011/10/04 14:44:18 | 000,000,000 | ---D | C] -- H:\2607f8a13b7c9fa9aa66e8ab31632f
[2011/10/04 13:24:18 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/04 13:23:45 | 000,000,000 | ---D | C] -- H:\ProgramData\NVIDIA
[2011/10/04 13:23:40 | 006,136,936 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcpl.dll
[2011/10/04 13:23:40 | 003,021,416 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvsvc64.dll
[2011/10/04 13:23:40 | 000,836,200 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\easyupdatusapiu64.dll
[2011/10/04 13:23:40 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvmctray.dll
[2011/10/04 13:23:40 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvshext.dll
[2011/10/04 13:23:33 | 000,000,000 | ---D | C] -- H:\ProgramData\NVIDIA Corporation
[2011/10/04 13:23:00 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- H:\Windows\SysWow64\nvwgf2um.dll
[2011/10/04 13:23:00 | 001,519,720 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvdispco64.dll
[2011/10/04 13:23:00 | 001,453,160 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvgenco64.dll
[2011/10/04 12:50:56 | 000,506,400 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvudisp.exe
[2011/10/04 12:50:03 | 000,506,400 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\NVUNINST.EXE
[2011/10/03 20:59:27 | 000,000,000 | -HSD | C] -- H:\found.005
[2011/10/03 19:40:54 | 001,182,680 | ---- | C] (PC Tools) -- H:\Windows\is-CAMTS.exe
[2011/10/03 13:33:13 | 000,000,000 | -HSD | C] -- H:\found.004
[2011/10/01 21:46:10 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\Registry Mechanic
[2011/10/01 20:59:35 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\PC Tools Performance Toolkit
[2011/10/01 20:38:17 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2011/10/01 20:38:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msxml4a.dll
[2011/10/01 20:38:15 | 000,189,880 | ---- | C] (PC Tools) -- H:\Windows\System32\drivers\PCTDSMon.sys
[2011/10/01 20:38:15 | 000,162,328 | ---- | C] (PC Tools) -- H:\Windows\System32\drivers\PCTDMDefrag.sys
[2011/10/01 20:38:15 | 000,108,056 | ---- | C] (PC Tools) -- H:\Windows\SysWow64\drivers\PCTDMDefrag.sys
[2011/10/01 20:38:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- H:\Windows\SysWow64\UniBox210.ocx
[2011/10/01 20:38:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- H:\Windows\SysWow64\UniBox10.ocx
[2011/10/01 20:38:13 | 000,658,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\MSCOMCT2.OCX
[2011/10/01 20:38:13 | 000,506,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msxml.dll
[2011/10/01 20:38:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- H:\Windows\SysWow64\UniBoxVB12.ocx
[2011/10/01 20:38:09 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\PC Tools Utilities
[2011/10/01 20:38:09 | 000,000,000 | ---D | C] -- H:\docs\File Recover
[2011/10/01 14:09:29 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\PCToolsFirewallPlus
[2011/10/01 14:09:28 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\Spam Monitor
[2011/10/01 11:39:03 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Local\Threat Expert
[2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- H:\Windows\PCTBDCore.dll1052.old
[2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- H:\Windows\PCTBDCore.dll1027.old
[2011/09/30 17:51:26 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- H:\Windows\PCTBDCore.dll1000.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- H:\Windows\SGDetectionTool.dll1052.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- H:\Windows\SGDetectionTool.dll1027.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- H:\Windows\SGDetectionTool.dll1000.old
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Spyware Doctor
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\PC Tools
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- H:\ProgramData\PC Tools
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\PC Tools
[2011/09/30 16:20:36 | 000,000,000 | ---D | C] -- H:\ProgramData\TEMP
[2011/09/30 16:04:09 | 000,000,000 | ---D | C] -- H:\ProgramData\SecTaskMan
[2011/09/19 13:03:14 | 000,000,000 | -HSD | C] -- H:\found.003
[2011/09/18 11:55:26 | 000,000,000 | ---D | C] -- H:\Windows\CheckSur
[2011/09/18 10:31:48 | 000,000,000 | -HSD | C] -- H:\found.002
[2011/09/18 09:28:50 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2011/09/18 09:28:49 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Eusing Free Registry Cleaner
[2011/09/17 01:31:20 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\Tific
[2011/09/17 01:31:09 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Local\Symantec
[2011/09/17 00:37:10 | 000,000,000 | -HSD | C] -- H:\found.001
[2011/09/16 17:49:20 | 000,000,000 | -HSD | C] -- H:\Config.Msi
[2011/09/16 14:43:28 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\Malwarebytes
[2011/09/16 14:43:19 | 000,000,000 | ---D | C] -- H:\ProgramData\Malwarebytes
[2011/09/16 14:43:16 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- H:\Windows\System32\drivers\mbam.sys
[2011/09/16 13:14:25 | 000,000,000 | ---D | C] -- H:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/09/16 13:14:25 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NirSoft
[2011/09/16 12:15:48 | 000,000,000 | -HSD | C] -- H:\found.000
[2011/09/14 11:13:23 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 pro x64
[2011/09/14 11:13:22 | 000,000,000 | ---D | C] -- H:\Program Files\zabkat
[4 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
[1 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]
[1 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 12:10:22 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2011/10/11 12:10:04 | 2146,267,135 | -HS- | M] () -- H:\hiberfil.sys
[2011/10/06 09:33:45 | 000,003,288 | ---- | M] () -- H:\bootsqm.dat
[2011/10/04 21:08:20 | 000,015,040 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 21:08:20 | 000,015,040 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 20:57:18 | 000,024,580 | -H-- | M] () -- H:\docs\.DS_Store
[2011/10/04 20:26:23 | 000,002,082 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,002,070 | ---- | M] () -- H:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,001,310 | ---- | M] () -- H:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/04 18:14:48 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/10/04 18:05:37 | 000,000,930 | ---- | M] () -- H:\Users\admin\Desktop\NTREGOPT.lnk
[2011/10/04 18:05:37 | 000,000,911 | ---- | M] () -- H:\Users\admin\Desktop\ERUNT.lnk
[2011/10/04 18:05:37 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/04 18:01:03 | 000,006,785 | ---- | M] () -- H:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2011/10/04 16:21:07 | 000,001,288 | ---- | M] () -- H:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 16:21:07 | 000,001,264 | ---- | M] () -- H:\Users\admin\Desktop\Spybot - Search & Destroy.lnk
[2011/10/04 16:21:07 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 13:51:40 | 000,002,120 | ---- | M] () -- H:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/04 13:50:12 | 000,002,096 | ---- | M] () -- H:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:50:11 | 000,002,108 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/04 13:44:52 | 000,002,052 | ---- | M] () -- H:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,156 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | M] () -- H:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 13:24:30 | 001,742,966 | ---- | M] () -- H:\Windows\System32\drivers\Cat.DB
[2011/10/04 13:24:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/04 12:33:40 | 000,000,000 | ---- | M] () -- H:\Windows\SysWow64\SM.lock
[2011/10/03 19:40:54 | 001,182,680 | ---- | M] (PC Tools) -- H:\Windows\is-CAMTS.exe
[2011/10/03 19:40:54 | 000,021,031 | ---- | M] () -- H:\Windows\is-CAMTS.msg
[2011/10/03 19:40:54 | 000,000,284 | ---- | M] () -- H:\Windows\is-CAMTS.lst
[2011/10/01 20:38:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2011/10/01 00:02:22 | 000,672,662 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2011/10/01 00:02:22 | 000,125,394 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2011/09/30 17:47:39 | 000,003,384 | ---- | M] () -- H:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2011/09/30 14:34:58 | 000,470,912 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2011/09/17 15:27:22 | 000,002,640 | ---- | M] () -- H:\{4BFEC432-8037-4A0F-BC27-779DB63F7A72}
[2011/09/17 13:41:30 | 000,000,978 | ---- | M] () -- H:\Users\Public\Desktop\xplorer2.lnk
[2011/09/16 18:11:47 | 000,772,990 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/16 12:47:29 | 502,738,679 | ---- | M] () -- H:\Windows\MEMORY.DMP
[2011/09/14 14:39:41 | 000,000,205 | -H-- | M] () -- H:\docs\Drawing1.dwl2
[2011/09/14 14:39:41 | 000,000,055 | -H-- | M] () -- H:\docs\Drawing1.dwl
[2011/09/14 11:13:24 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 pro x64
[4 H:\Windows\System32\*.tmp files -> H:\Windows\System32\*.tmp -> ]
[1 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]
[1 H:\ProgramData\*.tmp files -> H:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/06 09:33:45 | 000,003,288 | ---- | C] () -- H:\bootsqm.dat
[2011/10/04 20:26:23 | 000,002,082 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,002,070 | ---- | C] () -- H:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,001,310 | ---- | C] () -- H:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/04 18:05:37 | 000,000,930 | ---- | C] () -- H:\Users\admin\Desktop\NTREGOPT.lnk
[2011/10/04 18:05:37 | 000,000,911 | ---- | C] () -- H:\Users\admin\Desktop\ERUNT.lnk
[2011/10/04 16:21:07 | 000,001,288 | ---- | C] () -- H:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 16:21:07 | 000,001,264 | ---- | C] () -- H:\Users\admin\Desktop\Spybot - Search & Destroy.lnk
[2011/10/04 13:50:11 | 000,002,108 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/04 13:50:11 | 000,002,096 | ---- | C] () -- H:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:42:11 | 000,001,156 | ---- | C] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | C] () -- H:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 12:50:56 | 001,732,608 | ---- | C] () -- H:\Windows\System32\msicpl.dll
[2011/10/04 12:50:56 | 000,052,072 | ---- | C] () -- H:\Windows\System32\startup.exe
[2011/10/04 12:50:56 | 000,009,939 | ---- | C] () -- H:\Windows\System32\nvdisp.nvu
[2011/10/04 12:33:40 | 000,000,000 | ---- | C] () -- H:\Windows\SysWow64\SM.lock
[2011/10/03 19:40:54 | 000,021,031 | ---- | C] () -- H:\Windows\is-CAMTS.msg
[2011/10/03 19:40:54 | 000,000,284 | ---- | C] () -- H:\Windows\is-CAMTS.lst
[2011/10/01 20:38:13 | 000,040,416 | ---- | C] () -- H:\Windows\System32\CleanMFT64.exe
[2011/10/01 13:24:46 | 001,742,966 | ---- | C] () -- H:\Windows\System32\drivers\Cat.DB
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- H:\Windows\BDTSupport.dll1052.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- H:\Windows\BDTSupport.dll1027.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- H:\Windows\BDTSupport.dll1000.old
[2011/09/30 17:47:38 | 000,003,384 | ---- | C] () -- H:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2011/09/30 17:09:12 | 000,007,353 | ---- | C] () -- H:\Windows\System32\drivers\pctplsg64.cat
[2011/09/17 15:27:21 | 000,002,640 | ---- | C] () -- H:\{4BFEC432-8037-4A0F-BC27-779DB63F7A72}
[2011/09/14 14:39:41 | 000,000,205 | -H-- | C] () -- H:\docs\Drawing1.dwl2
[2011/09/14 14:39:41 | 000,000,055 | -H-- | C] () -- H:\docs\Drawing1.dwl
[2011/09/14 11:13:24 | 000,000,978 | ---- | C] () -- H:\Users\Public\Desktop\xplorer2.lnk
[2011/08/11 04:08:18 | 000,004,096 | -H-- | C] () -- H:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:56:19 | 000,002,073 | ---- | C] () -- H:\Windows\checkip.dat
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/07/07 08:03:42 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll
[2011/07/07 08:03:38 | 000,302,592 | ---- | C] () -- H:\Windows\SysWow64\cmd.exe
[2011/07/07 08:02:59 | 000,073,216 | ---- | C] () -- H:\Windows\SysWow64\msiexec.exe
[2011/07/07 08:02:54 | 000,030,720 | ---- | C] () -- H:\Windows\SysWow64\msdmo.dll
[2011/07/01 06:31:55 | 000,159,741 | ---- | C] () -- H:\Windows\U-Clean Uninstaller.exe
[2011/05/28 09:36:14 | 000,159,609 | ---- | C] () -- H:\Windows\U-Surf Uninstaller.exe
[2011/05/19 22:10:38 | 000,001,940 | ---- | C] () -- H:\Users\admin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/04 20:48:18 | 000,000,153 | ---- | C] () -- H:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/04 19:53:52 | 000,772,990 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/17 08:46:20 | 000,000,760 | ---- | C] () -- H:\Users\admin\AppData\Roaming\setup_ldm.iss
[2011/04/15 21:16:59 | 000,007,631 | ---- | C] () -- H:\Users\admin\AppData\Local\resmon.resmoncfg
[2011/02/25 03:12:17 | 000,117,054 | ---- | C] () -- H:\Windows\CPICWPPR.DAT
[2011/01/10 17:01:00 | 000,006,785 | ---- | C] () -- H:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2010/12/10 02:44:40 | 000,186,368 | ---- | C] () -- H:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 18:38:06 | 000,000,376 | ---- | C] () -- H:\Windows\ODBC.INI
[2010/11/21 03:33:33 | 000,000,000 | ---- | C] () -- H:\Windows\HPMProp.INI
[2010/11/21 02:38:55 | 000,000,126 | ---- | C] () -- H:\Windows\QUICKEN.INI
[2009/12/20 21:42:18 | 000,000,314 | ---- | C] () -- H:\Windows\primopdf.ini
[2009/08/17 21:24:28 | 000,000,108 | RHS- | C] () -- H:\Windows\neoqaz2.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- H:\Windows\regtlib.exe

========== LOP Check ==========

[2011/05/04 21:12:26 | 000,000,000 | ---D | M] -- H:\ProgramData\2012
[2010/11/21 02:19:43 | 000,000,000 | ---D | M] -- H:\ProgramData\Amazon
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data
[2011/07/09 11:55:47 | 000,000,000 | ---D | M] -- H:\ProgramData\Autodesk
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites
[2011/06/02 16:33:16 | 000,000,000 | ---D | M] -- H:\ProgramData\HiWired
[2010/12/21 04:32:56 | 000,000,000 | ---D | M] -- H:\ProgramData\Nitro PDF
[2011/06/02 16:03:51 | 000,000,000 | ---D | M] -- H:\ProgramData\Radialpoint
[2011/10/04 16:18:57 | 000,000,000 | ---D | M] -- H:\ProgramData\SecTaskMan
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu
[2011/10/04 14:25:35 | 000,000,000 | ---D | M] -- H:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates
[2011/06/02 16:03:36 | 000,000,000 | ---D | M] -- H:\ProgramData\Windstream
[2011/10/01 10:54:40 | 000,025,942 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 8256 bytes -> H:\docs\Adult.sdsk:Backup
@Alternate Data Stream - 76 bytes -> H:\docs\zims dog.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\Recovery Disk.stx:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\PDF's:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\gund end stage.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\Falcon Soccer Match Label.stx:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\Falcon Soccer 2.stx:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\everlife.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\Dino.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\BIG Claws.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\Banquet 2007.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\Ableton:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\1ST WIN 2007.stx:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> H:\docs\1ST WIN 2007 2.stx:Roxio EMC Stream
@Alternate Data Stream - 150 bytes -> H:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 136 bytes -> H:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 127 bytes -> H:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> H:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> H:\Windows:
< End of report >

#4
SweetTech

Hi kamots22!

Thank you so much for your help. I couldn't find help anywhere, even Norton until I stumbled across GTG.

You're welcome!

Are you really in Antarctica??????? [I know...you could tell me, but then you'd have to kill me]

No, I'm not really in Antarctica. You'd be surprised how many people ask me that question. It's a good discussion topic. :)

I could not find the attached "Scan.txt" file you said to drag into the custom Scans/fixes area.

Whoops. You didn't find the attached Scan.txt file as I didn't attach it to my previous post, and because I didn't remove that line from my instructions before posting it to you.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)


#5
kamots22

hmmmm.....I ran "Run Fix" and it came back with errors...log below:

========== OTL ==========

Error: Unable to interpret <:Registry> in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]> in the current context!

Error: Unable to interpret <"Userinit"="C:\\windows\\system32\\userinit.exe,"> in the current context!

Error: Unable to interpret <"Shell"="explorer.exe"> in the current context!



OTLPE by OldTimer - Version 3.1.48.0 log created on 10112011_171558


?1 Do you want me to continue with the reboot?
?2 Do you want me to run another OTL scan once I'm rebooted and then post it?

Thank you!

#6
SweetTech

Try this fix.

Attached file: Fix.txt (161 bytes)

#7
kamots22

Hello Agent ST!

I didn't forget you...lol

Here's where I'm at.

I tried to start Win7 normally after running the "Run Fix". It would not boot. It would get as far
as trying to start windows, but I have "Taskeng" running when windows starts [for file synchronization using synctoy]
Without asking your permission, [slap me now!] :) I started it in Safe mode...it took 4ever, but reluctantly started.

I'm running OTLPE off the CD and it seems to be running ok....but v-e-r-y s-l-o-w.
I wanted to try and shut off the "taskeng" at startup to maybe get into normal windows, but I'm going to ask your
permission on this one. I believe you edit start up items with msconfig but I'm not sure that will run in safe mode
and I'm not even going to try until I have your blessing.

I'm hoping as I'm typing this that the scan will be done so I can include that as well. Otherwise, I will leave windows
in safe mode until I rec'v further instruction from the Agent in charge.

By the way, I also noticed I have the log files for the AVG scans I had run previously if you're interested....

I just noticed I left LOP check & Purity check checked....I will run it again with these "not checked" if you wish...sorry....

I'm getting the error message "There is no disk in the drive. Please insert a disk into drive \device\harddisk3\dr3."
with the options - cancel, try again, continue

Looks like it's going to be a while. I'll post the OTL.txt once it's done unless I get other instructions.... :yes:

#8
kamots22

Here's the OTL.txt although the errors mentioned earlier came up several times.....
I'll try to run it without the LOP & Purity checks....will post if it runs without errors. :) :yes:

=========================================================

OTL logfile created on: 10/11/2011 11:04:35 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = D:\PROGRAMS\OTLPE
64bit-Windows 7 Professional (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 90.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 212.84 Gb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive D: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 39.02 Gb Total Space | 0.15 Gb Free Space | 0.39% Space Free | Partition Type: FAT32
Drive K: | 100.00 Mb Total Space | 70.25 Mb Free Space | 70.25% Space Free | Partition Type: NTFS
Drive L: | 39.07 Gb Total Space | 15.89 Gb Free Space | 40.68% Space Free | Partition Type: NTFS
Drive M: | 70.92 Gb Total Space | 20.03 Gb Free Space | 28.25% Space Free | Partition Type: NTFS
Drive N: | 931.41 Gb Total Space | 735.36 Gb Free Space | 78.95% Space Free | Partition Type: NTFS

Computer Name: PDS-22 | User Name: admin
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/05/04 20:01:07 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/02/05 16:39:26 | 001,012,224 | ---- | M] () [Auto] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/09 12:37:12 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/16 08:02:40 | 001,034,208 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2011/02/16 08:02:28 | 001,050,592 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2011/02/16 08:02:14 | 000,632,800 | ---- | M] (PC Tools) [Auto] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/02/09 15:56:10 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto] -- C:\Program Files (x86)\Windstream\Servicepoint\ServicepointService.exe -- (ServicepointService)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/22 11:17:06 | 000,181,312 | ---- | M] () [Auto] -- C:\Program Files (x86)\Photodex\CompuPicPro\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] () [On_Demand] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/21 20:24:20 | 000,487,672 | ---- | M] (HiWired Inc.) [Auto] -- C:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Core.exe -- (HiWiredCore)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/04 19:32:00 | 000,108,056 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV - [2011/02/04 19:32:00 | 000,108,056 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.49167
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.9
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.314

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/04 13:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/04 13:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/04 13:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("AmazonAssist") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2011/10/04 14:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/29 16:09:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/17 00:41:08 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011/06/17 11:44:19 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2011/03/20 18:45:27 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/10/04 14:31:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/09/10 13:45:05 | 000,000,000 | ---D | M] (Showcase) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/08/22 14:15:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/27 16:59:21 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/06/17 11:44:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/08/10 13:10:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/10/04 13:44:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/09/16 20:55:58 | 000,000,945 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\searchplugins\youtube-video-search.xml
[2011/10/04 13:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/17 23:49:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/27 12:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 03:10:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 21:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [HD] C:\Program Files (x86)\U-Clean\Hd.cmd ()
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synergy.lnk = C:\Program Files\Synergy\qsynergy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - S-1-5-21-3997780417-557740596-1451147213-1000\..Trusted Domains: millenniumchem.com ([remote] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/06/03 10:49:00 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 17:11:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/04 20:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2011/10/04 18:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/10/04 18:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2011/10/04 18:06:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/04 15:23:12 | 000,000,000 | ---D | C] -- C:\d4f14e97366c60bd3caabb9ca8
[2011/10/04 14:44:18 | 000,000,000 | ---D | C] -- C:\2607f8a13b7c9fa9aa66e8ab31632f
[2011/10/04 13:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/04 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/04 13:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/04 13:23:00 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/10/04 13:23:00 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011/10/03 20:59:27 | 000,000,000 | -HSD | C] -- C:\found.005
[2011/10/03 19:40:54 | 001,182,680 | ---- | C] (PC Tools) -- C:\Windows\is-CAMTS.exe
[2011/10/03 13:33:13 | 000,000,000 | -HSD | C] -- C:\found.004
[2011/10/01 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Registry Mechanic
[2011/10/01 20:59:35 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PC Tools Performance Toolkit
[2011/10/01 20:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2011/10/01 20:38:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2011/10/01 20:38:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2011/10/01 20:38:15 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
[2011/10/01 20:38:15 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTDMDefrag.sys
[2011/10/01 20:38:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011/10/01 20:38:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/10/01 20:38:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011/10/01 20:38:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/10/01 20:38:13 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011/10/01 20:38:13 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011/10/01 20:38:13 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2011/10/01 20:38:13 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2011/10/01 20:38:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011/10/01 20:38:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/10/01 20:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Utilities
[2011/10/01 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PCToolsFirewallPlus
[2011/10/01 14:09:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Spam Monitor
[2011/10/01 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Threat Expert
[2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1052.old
[2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1027.old
[2011/09/30 17:51:26 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1000.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1052.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1027.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1000.old
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PC Tools
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/30 16:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/30 16:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/09/19 13:03:14 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/09/18 11:55:26 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/09/18 10:31:48 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/09/18 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2011/09/18 09:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2011/09/17 01:31:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Tific
[2011/09/17 01:31:09 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Symantec
[2011/09/17 00:37:10 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/09/16 17:49:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/16 14:43:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2011/09/16 14:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/16 13:14:25 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/09/16 13:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2011/09/16 12:15:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/09/14 11:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 pro x64
[2011/09/14 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\zabkat
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 18:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/11 18:48:58 | 2146,267,135 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/06 09:33:45 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/10/04 20:26:23 | 000,002,082 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,001,310 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/04 18:14:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/10/04 18:05:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/04 18:01:03 | 000,006,785 | ---- | M] () -- C:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2011/10/04 16:21:07 | 000,001,288 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 16:21:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 13:51:40 | 000,002,120 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/04 13:50:12 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:50:11 | 000,002,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/04 13:44:52 | 000,002,052 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,156 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 13:24:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/04 12:33:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
[2011/10/04 12:33:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock
[2011/10/03 19:40:54 | 001,182,680 | ---- | M] (PC Tools) -- C:\Windows\is-CAMTS.exe
[2011/10/03 19:40:54 | 000,021,031 | ---- | M] () -- C:\Windows\is-CAMTS.msg
[2011/10/03 19:40:54 | 000,000,284 | ---- | M] () -- C:\Windows\is-CAMTS.lst
[2011/10/01 20:38:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2011/09/30 17:47:39 | 000,003,384 | ---- | M] () -- C:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2011/09/17 15:27:22 | 000,002,640 | ---- | M] () -- C:\{4BFEC432-8037-4A0F-BC27-779DB63F7A72}
[2011/09/17 13:41:30 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\xplorer2.lnk
[2011/09/16 18:11:47 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/16 12:47:29 | 502,738,679 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/14 11:13:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 pro x64
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/06 09:33:45 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/10/04 20:26:23 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,001,310 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/04 16:21:07 | 000,001,288 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 13:50:11 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/04 13:50:11 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:42:11 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 12:33:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
[2011/10/04 12:33:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock
[2011/10/03 19:40:54 | 000,021,031 | ---- | C] () -- C:\Windows\is-CAMTS.msg
[2011/10/03 19:40:54 | 000,000,284 | ---- | C] () -- C:\Windows\is-CAMTS.lst
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1052.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1027.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1000.old
[2011/09/30 17:47:38 | 000,003,384 | ---- | C] () -- C:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2011/09/17 15:27:21 | 000,002,640 | ---- | C] () -- C:\{4BFEC432-8037-4A0F-BC27-779DB63F7A72}
[2011/09/14 11:13:24 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\xplorer2.lnk
[2011/08/11 04:08:18 | 000,004,096 | -H-- | C] () -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:56:19 | 000,002,073 | ---- | C] () -- C:\Windows\checkip.dat
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/07 08:03:38 | 000,302,592 | ---- | C] () -- C:\Windows\SysWow64\cmd.exe
[2011/07/07 08:02:59 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\msiexec.exe
[2011/07/07 08:02:54 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\msdmo.dll
[2011/07/01 06:31:55 | 000,159,741 | ---- | C] () -- C:\Windows\U-Clean Uninstaller.exe
[2011/05/28 09:36:14 | 000,159,609 | ---- | C] () -- C:\Windows\U-Surf Uninstaller.exe
[2011/05/19 22:10:38 | 000,001,940 | ---- | C] () -- C:\Users\admin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/04 20:48:18 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/04 19:53:52 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/17 08:46:20 | 000,000,760 | ---- | C] () -- C:\Users\admin\AppData\Roaming\setup_ldm.iss
[2011/04/15 21:16:59 | 000,007,631 | ---- | C] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg
[2011/02/25 03:12:17 | 000,117,054 | ---- | C] () -- C:\Windows\CPICWPPR.DAT
[2011/01/10 17:01:00 | 000,006,785 | ---- | C] () -- C:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2010/12/10 02:44:40 | 000,186,368 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 18:38:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/21 03:33:33 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/21 02:38:55 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/20 21:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/08/17 21:24:28 | 000,000,108 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2011/06/17 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\.minecraft
[2011/08/27 01:20:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Add-in Express
[2011/05/24 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Amazon
[2011/05/04 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AutoCAD Mechanical 2011
[2011/07/09 11:55:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Autodesk
[2011/09/14 12:43:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dexpot
[2011/07/01 08:57:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Downloaded Installations
[2011/10/04 20:36:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Dropbox
[2011/09/12 18:20:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Foxit Software
[2011/02/07 16:58:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView
[2011/01/11 18:15:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Juniper Networks
[2011/04/15 23:07:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Leadertech
[2011/09/09 20:52:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nitro PDF
[2011/10/01 14:09:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PCToolsFirewallPlus
[2010/11/22 09:50:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PDF Viewer
[2010/12/20 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PrimoPDF
[2011/10/01 21:46:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Registry Mechanic
[2011/10/01 14:09:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Spam Monitor
[2010/11/22 06:40:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Thunderbird
[2011/09/17 01:31:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Tific
[2011/06/11 16:09:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Titanium
[2011/04/19 00:25:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Windows SideBar
[2011/06/02 16:03:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Windstream
[2011/05/04 21:12:26 | 000,000,000 | ---D | M] -- C:\ProgramData\2012
[2010/11/21 02:19:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Amazon
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/07/09 11:55:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/06/02 16:33:16 | 000,000,000 | ---D | M] -- C:\ProgramData\HiWired
[2010/12/21 04:32:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2011/06/02 16:03:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Radialpoint
[2011/10/04 16:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\SecTaskMan
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/10/04 14:25:35 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/06/02 16:03:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Windstream
[2011/10/01 10:54:40 | 000,026,446 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Windows:
< End of report >

#9
kamots22

Good Morning Agent ST [though I would be assuming you're in the same time zone or in the US anyhow...]

This is the last run of OTL...

Even with LOP & Purity unchecked, I still received error messages [but only twice this time].
It also seemed to hang at "Looking for newly modified files: C:\Windows\System32\werui.dll..."

Then it would come up with the previous error message from my last post.

==============================================

OTL logfile created on: 10/11/2011 11:53:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = D:\PROGRAMS\OTLPE
64bit-Windows 7 Professional (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 87.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 212.81 Gb Free Space | 45.70% Space Free | Partition Type: NTFS
Drive D: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 39.02 Gb Total Space | 0.15 Gb Free Space | 0.39% Space Free | Partition Type: FAT32
Drive K: | 100.00 Mb Total Space | 70.25 Mb Free Space | 70.25% Space Free | Partition Type: NTFS
Drive L: | 39.07 Gb Total Space | 15.89 Gb Free Space | 40.68% Space Free | Partition Type: NTFS
Drive M: | 70.92 Gb Total Space | 20.03 Gb Free Space | 28.25% Space Free | Partition Type: NTFS
Drive N: | 931.41 Gb Total Space | 735.36 Gb Free Space | 78.95% Space Free | Partition Type: NTFS

Computer Name: PDS-22 | User Name: admin
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/05/04 20:01:07 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/02/05 16:39:26 | 001,012,224 | ---- | M] () [Auto] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/09 12:37:12 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/16 08:02:40 | 001,034,208 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe -- (DMRepairService)
SRV - [2011/02/16 08:02:28 | 001,050,592 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe -- (DMDefragService)
SRV - [2011/02/16 08:02:14 | 000,632,800 | ---- | M] (PC Tools) [Auto] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/02/09 15:56:10 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto] -- C:\Program Files (x86)\Windstream\Servicepoint\ServicepointService.exe -- (ServicepointService)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/22 11:17:06 | 000,181,312 | ---- | M] () [Auto] -- C:\Program Files (x86)\Photodex\CompuPicPro\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] () [On_Demand] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/21 20:24:20 | 000,487,672 | ---- | M] (HiWired Inc.) [Auto] -- C:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Core.exe -- (HiWiredCore)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/04 19:32:00 | 000,108,056 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)
DRV - [2011/02/04 19:32:00 | 000,108,056 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\PCTDMDefrag.sys -- (PCTDMDefrag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.49167
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.9
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.314

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/04 13:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/04 13:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/04 13:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("AmazonAssist") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2011/10/04 14:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/29 16:09:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/17 00:41:08 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011/06/17 11:44:19 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2011/03/20 18:45:27 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/10/04 14:31:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/09/10 13:45:05 | 000,000,000 | ---D | M] (Showcase) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/08/22 14:15:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/27 16:59:21 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/06/17 11:44:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/08/10 13:10:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/10/04 13:44:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/09/16 20:55:58 | 000,000,945 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\searchplugins\youtube-video-search.xml
[2011/10/04 13:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/17 23:49:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/27 12:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 03:10:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 21:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [HD] C:\Program Files (x86)\U-Clean\Hd.cmd ()
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synergy.lnk = C:\Program Files\Synergy\qsynergy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - S-1-5-21-3997780417-557740596-1451147213-1000\..Trusted Domains: millenniumchem.com ([remote] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/06/03 10:49:00 | 000,000,000 | ---D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 17:11:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/04 20:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2011/10/04 18:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/10/04 18:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2011/10/04 18:06:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/04 15:23:12 | 000,000,000 | ---D | C] -- C:\d4f14e97366c60bd3caabb9ca8
[2011/10/04 14:44:18 | 000,000,000 | ---D | C] -- C:\2607f8a13b7c9fa9aa66e8ab31632f
[2011/10/04 13:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/04 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/04 13:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/04 13:23:00 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/10/04 13:23:00 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011/10/03 20:59:27 | 000,000,000 | -HSD | C] -- C:\found.005
[2011/10/03 19:40:54 | 001,182,680 | ---- | C] (PC Tools) -- C:\Windows\is-CAMTS.exe
[2011/10/03 13:33:13 | 000,000,000 | -HSD | C] -- C:\found.004
[2011/10/01 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Registry Mechanic
[2011/10/01 20:59:35 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PC Tools Performance Toolkit
[2011/10/01 20:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2011/10/01 20:38:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2011/10/01 20:38:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2011/10/01 20:38:15 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
[2011/10/01 20:38:15 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTDMDefrag.sys
[2011/10/01 20:38:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011/10/01 20:38:13 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/10/01 20:38:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011/10/01 20:38:13 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/10/01 20:38:13 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011/10/01 20:38:13 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011/10/01 20:38:13 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2011/10/01 20:38:13 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2011/10/01 20:38:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011/10/01 20:38:13 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/10/01 20:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Utilities
[2011/10/01 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PCToolsFirewallPlus
[2011/10/01 14:09:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Spam Monitor
[2011/10/01 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Threat Expert
[2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1052.old
[2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1027.old
[2011/09/30 17:51:26 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1000.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1052.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1027.old
[2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1000.old
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PC Tools
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/30 16:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/30 16:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/09/19 13:03:14 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/09/18 11:55:26 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/09/18 10:31:48 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/09/18 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2011/09/18 09:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2011/09/17 01:31:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Tific
[2011/09/17 01:31:09 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Symantec
[2011/09/17 00:37:10 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/09/16 17:49:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/16 14:43:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2011/09/16 14:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/16 13:14:25 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2011/09/16 13:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2011/09/16 12:15:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/09/14 11:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 pro x64
[2011/09/14 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\zabkat
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 18:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/11 18:48:58 | 2146,267,135 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/06 09:33:45 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/10/04 20:26:23 | 000,002,082 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,001,310 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/04 18:14:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/10/04 18:05:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/04 18:01:03 | 000,006,785 | ---- | M] () -- C:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2011/10/04 16:21:07 | 000,001,288 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 16:21:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 13:51:40 | 000,002,120 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/04 13:50:12 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:50:11 | 000,002,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/04 13:44:52 | 000,002,052 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,156 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 13:24:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/04 12:33:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
[2011/10/04 12:33:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock
[2011/10/03 19:40:54 | 001,182,680 | ---- | M] (PC Tools) -- C:\Windows\is-CAMTS.exe
[2011/10/03 19:40:54 | 000,021,031 | ---- | M] () -- C:\Windows\is-CAMTS.msg
[2011/10/03 19:40:54 | 000,000,284 | ---- | M] () -- C:\Windows\is-CAMTS.lst
[2011/10/01 20:38:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
[2011/09/30 17:47:39 | 000,003,384 | ---- | M] () -- C:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2011/09/17 15:27:22 | 000,002,640 | ---- | M] () -- C:\{4BFEC432-8037-4A0F-BC27-779DB63F7A72}
[2011/09/17 13:41:30 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\xplorer2.lnk
[2011/09/16 18:11:47 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/16 12:47:29 | 502,738,679 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/14 11:13:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 pro x64
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/06 09:33:45 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/10/04 20:26:23 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/10/04 20:26:23 | 000,001,310 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/04 16:21:07 | 000,001,288 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 13:50:11 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/04 13:50:11 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:42:11 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 12:33:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
[2011/10/04 12:33:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock
[2011/10/03 19:40:54 | 000,021,031 | ---- | C] () -- C:\Windows\is-CAMTS.msg
[2011/10/03 19:40:54 | 000,000,284 | ---- | C] () -- C:\Windows\is-CAMTS.lst
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1052.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1027.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1000.old
[2011/09/30 17:47:38 | 000,003,384 | ---- | C] () -- C:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2011/09/17 15:27:21 | 000,002,640 | ---- | C] () -- C:\{4BFEC432-8037-4A0F-BC27-779DB63F7A72}
[2011/09/14 11:13:24 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\xplorer2.lnk
[2011/08/11 04:08:18 | 000,004,096 | -H-- | C] () -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:56:19 | 000,002,073 | ---- | C] () -- C:\Windows\checkip.dat
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/07 08:03:38 | 000,302,592 | ---- | C] () -- C:\Windows\SysWow64\cmd.exe
[2011/07/07 08:02:59 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\msiexec.exe
[2011/07/07 08:02:54 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\msdmo.dll
[2011/07/01 06:31:55 | 000,159,741 | ---- | C] () -- C:\Windows\U-Clean Uninstaller.exe
[2011/05/28 09:36:14 | 000,159,609 | ---- | C] () -- C:\Windows\U-Surf Uninstaller.exe
[2011/05/19 22:10:38 | 000,001,940 | ---- | C] () -- C:\Users\admin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/04 20:48:18 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/04 19:53:52 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/17 08:46:20 | 000,000,760 | ---- | C] () -- C:\Users\admin\AppData\Roaming\setup_ldm.iss
[2011/04/15 21:16:59 | 000,007,631 | ---- | C] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg
[2011/02/25 03:12:17 | 000,117,054 | ---- | C] () -- C:\Windows\CPICWPPR.DAT
[2011/01/10 17:01:00 | 000,006,785 | ---- | C] () -- C:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2010/12/10 02:44:40 | 000,186,368 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 18:38:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/21 03:33:33 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/21 02:38:55 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/20 21:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/08/17 21:24:28 | 000,000,108 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Windows:
< End of report >

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Afternoon!

I'm running OTLPE off the CD and it seems to be running ok....but v-e-r-y s-l-o-w.
I wanted to try and shut off the "taskeng" at startup to maybe get into normal windows, but I'm going to ask your
permission on this one. I believe you edit start up items with msconfig but I'm not sure that will run in safe mode
and I'm not even going to try until I have your blessing.

Let's hold up on doing anything with that now.

By the way, I also noticed I have the log files for the AVG scans I had run previously if you're interested....

Please go ahead and post those logs for me to review.

Were you able to save the files from this computer that you did not have backed up before?

#11
kamots22

    Member

  • Topic Starter
  • Member
  • 35 posts
Hey Agent ST....

I'll hold off on trying to do anything else. Still in safe mode. Working on backups now....just in case.

I just looked at the AVG logs and they were from 2004 so those are out. I did find a hijackthis.log file and that is included below.

=============================
Run on 10.4.11

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:06:48 PM, on 10/4/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Desktop.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Synergy\qsynergy.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Security Task Manager\SpyProtector.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\admin\AppData\Local\Temp\Temp1_CWShredder.zip\cwshredder.exe
C:\Users\admin\Downloads\PROGRAMS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe /autostart
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [HD] C:\Program Files (x86)\U-Clean\Hd.cmd
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3997780417-557740596-1451147213-1012\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3997780417-557740596-1451147213-1012\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Synergy.lnk = C:\Program Files\Synergy\qsynergy.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/...SetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A13609-2F3F-4776-9A2A-FFEB9249C421}: NameServer = 207.69.188.187,207.69.188.186
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Performance Toolkit Disk Defrag Service (DMDefragService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe
O23 - Service: Performance Toolkit Disk Repair Service (DMRepairService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HiWired Client Core Service (HiWiredCore) - HiWired Inc. - C:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Core.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Windstream\Servicepoint\ServicepointService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Synergy Server - Unknown owner - C:\Program Files\Synergy\synergys.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (file missing)
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Unknown owner - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12279 bytes

#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
When you ran OTLPE were you running it by booting it from the disc? The reason I ask is because I'm a little suspicious of the Safe Mode w/ Networking line in the OTLPE line.

#13
kamots22

    Member

  • Topic Starter
  • Member
  • 35 posts
I was running in safe mode and then I inserted the CD you had me burn and ran it from there.
Would you like for me to run it off the hard drive?
I rebooted the system and it is now in normal windows but still slow.

#14
kamots22

    Member

  • Topic Starter
  • Member
  • 35 posts
I also have the blue screen error text I had created when this first started:


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: FFFFF8A005C58000
BCP2: 0000000000000000
BCP3: FFFFF8000311D48F
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\091511-46296-01.dmp
C:\Windows\Temp\WER-78046-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


============================================================================

Hang report for C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Generated by using WhatIsHang on 9/16/2011 4:15:54 PM
Web site: http://www.nirsoft.net


Remarks:
* The program hangs in a single system call. You can look in the call stack and stack data to find out which API function cause this hang.


Strings found in the stack:
tream.net/Soccer
dNvEohU"
dNiFohU"
dNMrohU"
^[u 9}~E+kd3uE ˇuˇˇYE_
chrome://messenger/locale/localMsgs.properties
dNTsohU
tKHt2HtHuUN$F(}WQPˇ
dNZromU"
1316204133


Modules found in the stack:
C:\Program Files (x86)\Mozilla Thunderbird\MOZCRT19.dll , Mozilla Foundation , Mozilla Custom C Runtime, User-Generated Microsoft ® C/C++ Runtime Library
C:\Program Files (x86)\Mozilla Thunderbird\xpcom_core.dll , Mozilla Foundation , Thunderbird,
C:\Windows\syswow64\KERNELBASE.dll , Microsoft Corporation , Microsoft Windows Operating System, Windows NT BASE API Client DLL
C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll
C:\Program Files (x86)\Mozilla Thunderbird\nspr4.dll , Mozilla Foundation , Netscape Portable Runtime, NSPR Library
C:\Windows\system32\uxtheme.dll , Microsoft Corporation , Microsoft Windows Operating System, Microsoft UxTheme Library

ThreadID: 6108


Execute Address:
7752FA12 ntdll.dll!NtQueryInformationFile+0x12

Call Stack:
003BE7D4 5F458BA7 MOZCRT19.dll!_locking+0x197
003BE834 5F4714CE MOZCRT19.dll!_fseek_nolock+0x7e
003BE88C 01207269 thunderbird.exe+0xe7269
003BE8B4 01206D14 thunderbird.exe+0xe6d14
003BE8E8 012095C8 thunderbird.exe+0xe95c8
003BE908 017E0B82 thunderbird.exe+0x6c0b82
003BE954 0182C902 thunderbird.exe+0x70c902
003BE97C 01737BCC thunderbird.exe+0x617bcc
003BE9F0 0173CC64 thunderbird.exe+0x61cc64
003BEA34 01733952 thunderbird.exe+0x613952
003BEA5C 5F635CBF xpcom_core.dll!NS_InvokeByIndex_P+0x27
003BEA90 011BAC81 thunderbird.exe+0x9ac81
003BEC90 011C0C85 thunderbird.exe+0xa0c85
0479CC00 048A7004


Stack Data:


Processor Registers:
EAX: 00000000
EBX: 00000000
ECX: 00000000
EDX: 00000000
ESI: 00000000
EDI: 00000000
EBP: 003BE7D4
ESP: 003BE784
EIP: 7752FA12 ntdll.dll!NtQueryInformationFile+0x12


Memory Data:


0AFA1DF8 70 7B A2 01 80 60 CE 08 8C 5A DC 08 F8 1D FA 0A p{...`...Z......
0AFA1E08 00 00 00 00 00 88 FC 0A 00 00 00 00 00 00 00 00 ................
0AFA1E18 00 55 00 00 01 00 00 00 B0 87 A2 01 8C 5A DC 08 .U...........Z..
0AFA1E28 64 4E 4D 72 6F 68 55 22 01 00 01 00 8C 5A DC 08 dNMrohU".....Z..
0AFA1E38 50 61 4D 6D 04 00 00 00 00 00 00 00 00 00 01 00 PaMm............
0AFA1E48 E6 28 00 00 00 28 00 00 44 14 00 00 00 60 42 0B .(...(..D....`B.
0AFA1E58 00 00 00 00 00 C0 41 0B 00 00 00 00 00 20 41 0B ......A...... A.
0AFA1E68 0C 11 42 0B 00 00 00 00 B0 87 A2 01 8C 5A DC 08 ..B..........Z..
0AFA1E78 64 4E 4D 72 6F 68 55 22 01 00 01 00 8C 5A DC 08 dNMrohU".....Z..
0AFA1E88 50 61 4D 6D 04 00 00 00 00 00 00 00 00 00 01 00 PaMm............
0AFA1E98 35 00 00 00 28 00 00 00 19 00 00 00 C0 B5 EF 0A 5...(...........
0AFA1EA8 00 00 00 00 20 B5 EF 0A 00 00 00 00 80 B4 EF 0A .... ...........
0AFA1EB8 84 B5 EF 0A F8 1E FA 0A B0 87 A2 01 8C 5A DC 08 .............Z..
0AFA1EC8 64 4E 4D 72 6F 68 55 22 01 00 01 00 8C 5A DC 08 dNMrohU".....Z..
0AFA1ED8 50 61 4D 6D 04 00 00 00 00 00 00 00 00 00 01 00 PaMm............
0AFA1EE8 C2 24 00 00 00 14 00 00 39 12 00 00 00 20 51 0B .$......9.... Q.


0AFA1DD0 EC 7B A2 01 8C 5A DC 08 64 4E 76 45 6F 68 55 22 .{...Z..dNvEohU"
0AFA1DE0 01 00 01 00 00 00 00 00 B8 7B A2 01 00 00 00 00 .........{......
0AFA1DF0 00 00 00 00 01 00 00 00 70 7B A2 01 80 60 CE 08 ........p{...`..
0AFA1E00 8C 5A DC 08 F8 1D FA 0A 00 00 00 00 00 88 FC 0A .Z..............
0AFA1E10 00 00 00 00 00 00 00 00 00 55 00 00 01 00 00 00 .........U......
0AFA1E20 B0 87 A2 01 8C 5A DC 08 64 4E 4D 72 6F 68 55 22 .....Z..dNMrohU"
0AFA1E30 01 00 01 00 8C 5A DC 08 50 61 4D 6D 04 00 00 00 .....Z..PaMm....
0AFA1E40 00 00 00 00 00 00 01 00 E6 28 00 00 00 28 00 00 .........(...(..
0AFA1E50 44 14 00 00 00 60 42 0B 00 00 00 00 00 C0 41 0B D....`B.......A.
0AFA1E60 00 00 00 00 00 20 41 0B 0C 11 42 0B 00 00 00 00 ..... A...B.....
0AFA1E70 B0 87 A2 01 8C 5A DC 08 64 4E 4D 72 6F 68 55 22 .....Z..dNMrohU"
0AFA1E80 01 00 01 00 8C 5A DC 08 50 61 4D 6D 04 00 00 00 .....Z..PaMm....
0AFA1E90 00 00 00 00 00 00 01 00 35 00 00 00 28 00 00 00 ........5...(...
0AFA1EA0 19 00 00 00 C0 B5 EF 0A 00 00 00 00 20 B5 EF 0A ............ ...
0AFA1EB0 00 00 00 00 80 B4 EF 0A 84 B5 EF 0A F8 1E FA 0A ................
0AFA1EC0 B0 87 A2 01 8C 5A DC 08 64 4E 4D 72 6F 68 55 22 .....Z..dNMrohU"


0A0C0800 4C 81 A2 01 8C 5A DC 08 64 4E 54 73 6F 68 55 DD L....Z..dNTsohU.
0A0C0810 01 00 07 00 00 00 00 00 18 81 A2 01 00 00 00 00 ................
0A0C0820 D0 1D FA 0A 01 00 00 00 68 80 A2 01 D0 1D FA 0A ........h.......
0A0C0830 80 60 CE 08 8C 5A DC 08 00 00 00 00 80 8B D5 09 .`...Z..........
0A0C0840 C0 8A D5 09 68 88 FC 0A 00 00 00 00 00 00 00 00 ....h...........
0A0C0850 00 00 00 00 E8 85 A2 01 00 00 00 00 64 4E 5A 72 ............dNZr
0A0C0860 6F 6D 55 22 01 00 01 00 8C 5A DC 08 50 61 4D 6D omU".....Z..PaMm
0A0C0870 04 00 00 00 04 00 00 00 01 00 01 01 09 00 00 00 ................
0A0C0880 00 01 00 00 04 00 00 00 00 60 09 0A 00 64 09 0A .........`...d..
0A0C0890 00 5C 09 0A 00 BB 0A 0A 00 54 09 0A 10 5C 09 0A .\.......T...\..
0A0C08A0 D4 86 A2 01 00 00 00 00 64 4E 5A 61 6F 6D 55 22 ........dNZaomU"
0A0C08B0 01 00 01 00 8C 5A DC 08 50 61 4D 6D 04 00 00 00 .....Z..PaMm....
0A0C08C0 04 00 00 00 01 00 01 01 05 00 00 00 00 01 00 00 ................
0A0C08D0 02 00 00 00 00 70 09 0A 00 74 09 0A 00 6C 09 0A .....p...t...l..
0A0C08E0 00 BC 0A 0A 00 68 09 0A 08 6C 09 0A 40 8B A2 01 [email protected]
0A0C08F0 00 00 00 00 64 4E 6E 5A 6F 6D 55 22 01 00 01 00 ....dNnZomU"....


012095C8 6A 64 59 39 4D 10 76 03 89 4D 10 3B 45 10 8B 76 jdY9M.v..M.;E..v
012095D8 44 1A DB FE C3 EB 06 8B 75 FC 8B 45 F8 8B 4D 14 D.......u..E..M.
012095E8 85 C9 74 02 89 01 8B 45 18 85 C0 74 02 88 18 5F ..t....E...t..._
012095F8 8B C6 5E 5B C9 C2 14 00 55 8B EC 53 56 57 8B 7D ..^[....U..SVW.}
01209608 08 33 DB 53 53 FF 75 10 8B F1 FF 75 0C 57 E8 95 .3.SS.u....u.W..
01209618 CD FF FF FF 75 18 C7 46 28 60 81 A2 01 53 C7 06 ....u..F(`...S..
01209628 4C 81 A2 01 C7 46 18 18 81 A2 01 C7 46 28 68 80 L....F......F(h.
01209638 A2 01 89 7E 2C 89 5E 30 89 5E 34 89 5E 38 89 5E ...~,.^0.^4.^8.^
01209648 3C 89 5E 40 89 5E 44 89 5E 48 89 5E 4C 89 5E 50 <.^@.^D.^H.^L.^P
01209658 FF 35 D8 F8 B9 01 8D 4E 54 57 E8 08 24 00 00 FF .5.....NTW..$...
01209668 75 18 8D 8E A0 00 00 00 53 FF 35 D8 F8 B9 01 57 u.......S.5....W
01209678 E8 D1 29 00 00 FF 75 18 8D 8E EC 00 00 00 53 FF ..)...u.......S.
01209688 35 D8 F8 B9 01 57 E8 7E 54 00 00 FF 75 18 8D 8E 5....W.~T...u...
01209698 38 05 00 00 53 FF 35 D8 F8 B9 01 57 E8 1E 08 00 8...S.5....W....
012096A8 00 89 9E 88 05 00 00 89 9E 8C 05 00 00 89 9E 90 ................
012096B8 05 00 00 88 9E 94 05 00 00 88 9E 95 05 00 00 C6 ................


0AFA1DD0 EC 7B A2 01 8C 5A DC 08 64 4E 76 45 6F 68 55 22 .{...Z..dNvEohU"
0AFA1DE0 01 00 01 00 00 00 00 00 B8 7B A2 01 00 00 00 00 .........{......
0AFA1DF0 00 00 00 00 01 00 00 00 70 7B A2 01 80 60 CE 08 ........p{...`..
0AFA1E00 8C 5A DC 08 F8 1D FA 0A 00 00 00 00 00 88 FC 0A .Z..............
0AFA1E10 00 00 00 00 00 00 00 00 00 55 00 00 01 00 00 00 .........U......
0AFA1E20 B0 87 A2 01 8C 5A DC 08 64 4E 4D 72 6F 68 55 22 .....Z..dNMrohU"
0AFA1E30 01 00 01 00 8C 5A DC 08 50 61 4D 6D 04 00 00 00 .....Z..PaMm....
0AFA1E40 00 00 00 00 00 00 01 00 E6 28 00 00 00 28 00 00 .........(...(..
0AFA1E50 44 14 00 00 00 60 42 0B 00 00 00 00 00 C0 41 0B D....`B.......A.
0AFA1E60 00 00 00 00 00 20 41 0B 0C 11 42 0B 00 00 00 00 ..... A...B.....
0AFA1E70 B0 87 A2 01 8C 5A DC 08 64 4E 4D 72 6F 68 55 22 .....Z..dNMrohU"
0AFA1E80 01 00 01 00 8C 5A DC 08 50 61 4D 6D 04 00 00 00 .....Z..PaMm....
0AFA1E90 00 00 00 00 00 00 01 00 35 00 00 00 28 00 00 00 ........5...(...
0AFA1EA0 19 00 00 00 C0 B5 EF 0A 00 00 00 00 20 B5 EF 0A ............ ...
0AFA1EB0 00 00 00 00 80 B4 EF 0A 84 B5 EF 0A F8 1E FA 0A ................
0AFA1EC0 B0 87 A2 01 8C 5A DC 08 64 4E 4D 72 6F 68 55 22 .....Z..dNMrohU"


09A8CDF0 A8 30 B5 01 12 00 00 00 00 00 00 00 B8 DD 09 0A .0..............
09A8CE00 B0 32 11 0C 00 00 00 00 E0 41 9B 08 60 B6 EF 0A .2.......A..`...
09A8CE10 F0 FF FF FF F8 1D FA 0A 28 08 0C 0A 08 A4 FA 0A ........(.......
09A8CE20 B8 8E 4C 0B 78 64 0F 0A 67 00 00 00 05 00 00 00 ..L.xd..g.......
09A8CE30 E0 F4 65 5F 01 00 00 00 00 00 00 00 80 47 A6 0A ..e_.........G..
09A8CE40 80 00 00 00 9A 00 00 00 97 00 00 00 98 00 00 00 ................
09A8CE50 99 00 00 00 81 00 00 00 82 00 00 00 83 00 00 00 ................
09A8CE60 84 00 00 00 85 00 00 00 86 00 00 00 87 00 00 00 ................
09A8CE70 88 00 00 00 89 00 00 00 8A 00 00 00 8B 00 00 00 ................
09A8CE80 8C 00 00 00 8D 00 00 00 8E 00 00 00 91 00 00 00 ................
09A8CE90 90 00 00 00 93 00 00 00 94 00 00 00 8F 00 00 00 ................
09A8CEA0 95 00 00 00 96 00 00 00 9B 00 00 00 9C 00 00 00 ................
09A8CEB0 92 00 00 00 9D 00 00 00 9E 00 00 00 98 A8 0A 06 ................
09A8CEC0 40 48 A6 0A 00 00 00 00 01 00 00 00 FF FF FF FF @H..............
09A8CED0 00 00 00 00 A8 60 CE 08 A0 B4 D3 0B E0 F4 65 5F .....`........e_
09A8CEE0 64 00 00 00 00 00 00 00 68 00 72 00 6F 00 6D 00 d.......h.r.o.m.


017E0B82 85 C0 89 45 FC 78 0C 38 5D 0B 74 07 C7 45 0C 03 ...E.x.8].t..E..
017E0B92 00 00 00 39 5E 28 74 65 8B 45 0C 2B C3 74 4B 48 ...9^(te.E.+.tKH
017E0BA2 74 32 48 74 19 48 75 55 8B 4E 24 8B 46 28 8B 10 t2Ht.HuU.N$.F(..
017E0BB2 8D 7D F8 57 51 50 FF 92 AC 00 00 00 EB 3C 8B 4E .}.WQP.......<.N
017E0BC2 24 8B 46 28 8B 10 8D 7D F8 57 51 50 FF 92 A8 00 $.F(...}.WQP....
017E0BD2 00 00 EB 26 8B 4E 24 8B 46 28 8B 10 8D 7D F8 57 ...&.N$.F(...}.W
017E0BE2 51 50 FF 92 A4 00 00 00 EB 10 8B 4E 24 8B 46 28 QP.........N$.F(
017E0BF2 8B 10 51 50 FF 92 A0 00 00 00 89 45 FC 39 5D F8 ..QP.......E.9].
017E0C02 74 4B 89 5D E8 89 5D EC 88 5D 0B 88 5D 0F 38 5D tK.]..]..]..].8]
017E0C12 0F 75 2A 39 5D FC 75 25 8B 46 24 8B 4D F8 8B 11 .u*9].u%.F$.M...
017E0C22 8D 7D 0F 57 8D 7D 0B 57 8D 7D EC 57 8D 7D E8 57 .}.W.}.W.}.W.}.W
017E0C32 50 51 FF 52 10 38 5D 0B 89 45 FC 74 D1 8B 45 F8 PQ.R.8]..E.t..E.
017E0C42 3B C3 74 09 8B 08 50 FF 51 08 89 5D F8 8B 46 24 ;.t...P.Q..]..F$
017E0C52 3B C3 74 06 8B 08 50 FF 51 3C 8D 45 F4 89 45 E0 ;.t...P.Q<.E..E.
017E0C62 8D 45 DC 50 8D 4D F0 C7 45 DC F0 54 B3 01 E8 98 .E.P.M..E..T....
017E0C72 CA EF FF F7 45 F4 00 00 00 80 0F 85 FB 00 00 00 ....E...........


0A0C0828 68 80 A2 01 D0 1D FA 0A 80 60 CE 08 8C 5A DC 08 h........`...Z..
0A0C0838 00 00 00 00 80 8B D5 09 C0 8A D5 09 68 88 FC 0A ............h...
0A0C0848 00 00 00 00 00 00 00 00 00 00 00 00 E8 85 A2 01 ................
0A0C0858 00 00 00 00 64 4E 5A 72 6F 6D 55 22 01 00 01 00 ....dNZromU"....
0A0C0868 8C 5A DC 08 50 61 4D 6D 04 00 00 00 04 00 00 00 .Z..PaMm........
0A0C0878 01 00 01 01 09 00 00 00 00 01 00 00 04 00 00 00 ................
0A0C0888 00 60 09 0A 00 64 09 0A 00 5C 09 0A 00 BB 0A 0A .`...d...\......
0A0C0898 00 54 09 0A 10 5C 09 0A D4 86 A2 01 00 00 00 00 .T...\..........
0A0C08A8 64 4E 5A 61 6F 6D 55 22 01 00 01 00 8C 5A DC 08 dNZaomU".....Z..
0A0C08B8 50 61 4D 6D 04 00 00 00 04 00 00 00 01 00 01 01 PaMm............
0A0C08C8 05 00 00 00 00 01 00 00 02 00 00 00 00 70 09 0A .............p..
0A0C08D8 00 74 09 0A 00 6C 09 0A 00 BC 0A 0A 00 68 09 0A .t...l.......h..
0A0C08E8 08 6C 09 0A 40 8B A2 01 00 00 00 00 64 4E 6E 5A [email protected]
0A0C08F8 6F 6D 55 22 01 00 01 00 30 8B A2 01 8C 5A DC 08 omU"....0....Z..
0A0C0908 A0 01 34 00 50 F1 25 00 A4 A5 14 00 AC EA 1E 00 ..4.P.%.........
0A0C0918 00 00 00 00 34 00 00 00 00 00 00 00 00 90 52 06 ....4.........R.


0AFA1DF8 70 7B A2 01 80 60 CE 08 8C 5A DC 08 F8 1D FA 0A p{...`...Z......
0AFA1E08 00 00 00 00 00 88 FC 0A 00 00 00 00 00 00 00 00 ................
0AFA1E18 00 55 00 00 01 00 00 00 B0 87 A2 01 8C 5A DC 08 .U...........Z..
0AFA1E28 64 4E 4D 72 6F 68 55 22 01 00 01 00 8C 5A DC 08 dNMrohU".....Z..
0AFA1E38 50 61 4D 6D 04 00 00 00 00 00 00 00 00 00 01 00 PaMm............
0AFA1E48 E6 28 00 00 00 28 00 00 44 14 00 00 00 60 42 0B .(...(..D....`B.
0AFA1E58 00 00 00 00 00 C0 41 0B 00 00 00 00 00 20 41 0B ......A...... A.
0AFA1E68 0C 11 42 0B 00 00 00 00 B0 87 A2 01 8C 5A DC 08 ..B..........Z..
0AFA1E78 64 4E 4D 72 6F 68 55 22 01 00 01 00 8C 5A DC 08 dNMrohU".....Z..
0AFA1E88 50 61 4D 6D 04 00 00 00 00 00 00 00 00 00 01 00 PaMm............
0AFA1E98 35 00 00 00 28 00 00 00 19 00 00 00 C0 B5 EF 0A 5...(...........
0AFA1EA8 00 00 00 00 20 B5 EF 0A 00 00 00 00 80 B4 EF 0A .... ...........
0AFA1EB8 84 B5 EF 0A F8 1E FA 0A B0 87 A2 01 8C 5A DC 08 .............Z..
0AFA1EC8 64 4E 4D 72 6F 68 55 22 01 00 01 00 8C 5A DC 08 dNMrohU".....Z..
0AFA1ED8 50 61 4D 6D 04 00 00 00 00 00 00 00 00 00 01 00 PaMm............
0AFA1EE8 C2 24 00 00 00 14 00 00 39 12 00 00 00 20 51 0B .$......9.... Q.


089B41E0 E8 18 B5 01 B4 18 B5 01 A0 18 B5 01 90 18 B5 01 ................
089B41F0 80 18 B5 01 F0 CD A8 09 00 00 00 00 08 69 DE 08 .............i..
089B4200 0A 00 00 00 05 00 00 00 00 00 00 00 01 00 00 00 ................
089B4210 00 00 00 00 00 00 00 00 7C C5 80 48 00 00 00 00 ........|..H....
089B4220 00 00 00 00 00 00 00 00 00 00 00 00 E0 32 11 0C .............2..
089B4230 00 00 00 00 04 10 00 80 40 C5 DB 08 25 0F 00 00 [email protected]%...
089B4240 44 14 00 00 01 00 00 00 C1 39 3D 23 00 00 00 00 D........9=#....
089B4250 00 00 00 00 E0 F4 65 5F 01 00 00 00 00 00 00 00 ......e_........
089B4260 50 5D CE 08 00 00 00 00 00 00 00 00 7B 74 C9 48 P]..........{t.H
089B4270 00 00 00 00 01 00 00 00 E0 F4 65 5F E0 F4 65 5F ..........e_..e_
089B4280 01 00 00 00 01 00 00 00 00 00 00 00 E8 2A DD 08 .............*..
089B4290 05 00 00 00 05 00 00 00 80 1B DD 08 B8 9F D8 08 ................
089B42A0 31 00 00 00 05 00 00 00 00 00 00 00 01 00 00 00 1...............
089B42B0 08 2C C8 08 02 00 00 00 10 2C C8 08 04 00 00 00 .,.......,......
089B42C0 18 2C C8 08 08 00 00 00 20 2C C8 08 10 00 00 00 .,...... ,......
089B42D0 28 2C C8 08 20 00 00 00 20 D5 F5 04 00 00 00 00 (,.. ... .......


06D2AE68 31 33 31 36 32 30 34 31 33 33 00 00 6D 00 73 00 1316204133..m.s.
06D2AE78 66 00 00 00 36 00 00 00 62 00 69 00 6E 00 64 00 f...6...b.i.n.d.
06D2AE88 42 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 B.y.N.a.m.e.....
06D2AE98 00 00 00 00 00 00 00 00 62 00 69 00 6E 00 64 00 ........b.i.n.d.
06D2AEA8 42 00 6C 00 6F 00 62 00 42 00 79 00 4E 00 61 00 B.l.o.b.B.y.N.a.
06D2AEB8 6D 00 65 00 00 00 00 00 62 00 69 00 6E 00 64 00 m.e.....b.i.n.d.
06D2AEC8 42 00 79 00 49 00 6E 00 64 00 65 00 78 00 00 00 B.y.I.n.d.e.x...
06D2AED8 00 00 00 00 00 00 00 00 62 00 69 00 6E 00 64 00 ........b.i.n.d.
06D2AEE8 42 00 6C 00 6F 00 62 00 42 00 79 00 49 00 6E 00 B.l.o.b.B.y.I.n.
06D2AEF8 64 00 65 00 78 00 00 00 62 00 69 00 6E 00 64 00 d.e.x...b.i.n.d.
06D2AF08 50 00 61 00 72 00 61 00 6D 00 65 00 74 00 65 00 P.a.r.a.m.e.t.e.
06D2AF18 72 00 73 00 00 00 00 00 70 00 61 00 72 00 61 00 r.s.....p.a.r.a.
06D2AF28 6D 00 65 00 74 00 65 00 72 00 43 00 6F 00 75 00 m.e.t.e.r.C.o.u.
06D2AF38 6E 00 74 00 00 00 00 00 63 00 6F 00 6C 00 75 00 n.t.....c.o.l.u.
06D2AF48 6D 00 6E 00 43 00 6F 00 75 00 6E 00 74 00 00 00 m.n.C.o.u.n.t...
06D2AF58 00 00 00 00 00 00 00 00 67 00 65 00 74 00 43 00 ........g.e.t.C.


0184213E 8B C6 5E C9 C2 0C 00 55 8B EC 83 EC 14 56 8D 4D ..^....U.....V.M
0184214E EC FF 15 88 24 93 01 83 65 FC 00 8D 45 EC 89 45 ....$...e...E..E
0184215E F8 8D 45 FC 50 FF 75 0C 8B 45 08 FF 70 44 8B 48 ..E.P.u..E..pD.H
0184216E 3C E8 6B D6 F9 FF 8B 55 FC 8B 4D F8 6A FF 8B F0 <.k....U..M.j...
0184217E FF 15 44 24 93 01 85 F6 78 0C 8B 4D 10 8D 55 EC ..D$....x..M..U.
0184218E FF 15 F0 23 93 01 8D 4D EC FF 15 A4 24 93 01 8B ...#...M....$...
0184219E C6 5E C9 C2 0C 00 FF 74 24 0C 8B 44 24 08 FF 74 .^.....t$..D$..t
018421AE 24 0C 8B 48 3C FF 70 44 E8 9F D6 F9 FF C2 0C 00 $..H<.pD........
018421BE FF 74 24 0C 8B 44 24 08 FF 74 24 0C 8B 48 3C FF .t$..D$..t$..H<.
018421CE 70 44 E8 4D 0F FA FF C2 0C 00 FF 74 24 08 FF 74 pD.M.......t$..t
018421DE 24 08 FF 71 44 8B 49 3C E8 77 01 FA FF C2 08 00 $..qD.I<.w......
018421EE FF 74 24 08 FF 74 24 08 FF 71 44 8B 49 3C E8 E8 .t$..t$..qD.I<..
018421FE DF F9 FF C2 08 00 FF 74 24 0C FF 74 24 0C FF 74 .......t$..t$..t
0184220E 24 0C FF 71 44 8B 49 3C E8 CC D6 F9 FF C2 0C 00 $..qD.I<........
0184221E FF 74 24 08 FF 74 24 08 FF 71 44 8B 49 3C E8 7C .t$..t$..qD.I<.|
0184222E DF F9 FF C2 08 00 FF 74 24 0C FF 74 24 0C FF 74 .......t$..t$..t


06D2AE68 31 33 31 36 32 30 34 31 33 33 00 00 6D 00 73 00 1316204133..m.s.
06D2AE78 66 00 00 00 36 00 00 00 62 00 69 00 6E 00 64 00 f...6...b.i.n.d.
06D2AE88 42 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 B.y.N.a.m.e.....
06D2AE98 00 00 00 00 00 00 00 00 62 00 69 00 6E 00 64 00 ........b.i.n.d.
06D2AEA8 42 00 6C 00 6F 00 62 00 42 00 79 00 4E 00 61 00 B.l.o.b.B.y.N.a.
06D2AEB8 6D 00 65 00 00 00 00 00 62 00 69 00 6E 00 64 00 m.e.....b.i.n.d.
06D2AEC8 42 00 79 00 49 00 6E 00 64 00 65 00 78 00 00 00 B.y.I.n.d.e.x...
06D2AED8 00 00 00 00 00 00 00 00 62 00 69 00 6E 00 64 00 ........b.i.n.d.
06D2AEE8 42 00 6C 00 6F 00 62 00 42 00 79 00 49 00 6E 00 B.l.o.b.B.y.I.n.
06D2AEF8 64 00 65 00 78 00 00 00 62 00 69 00 6E 00 64 00 d.e.x...b.i.n.d.
06D2AF08 50 00 61 00 72 00 61 00 6D 00 65 00 74 00 65 00 P.a.r.a.m.e.t.e.
06D2AF18 72 00 73 00 00 00 00 00 70 00 61 00 72 00 61 00 r.s.....p.a.r.a.
06D2AF28 6D 00 65 00 74 00 65 00 72 00 43 00 6F 00 75 00 m.e.t.e.r.C.o.u.
06D2AF38 6E 00 74 00 00 00 00 00 63 00 6F 00 6C 00 75 00 n.t.....c.o.l.u.
06D2AF48 6D 00 6E 00 43 00 6F 00 75 00 6E 00 74 00 00 00 m.n.C.o.u.n.t...
06D2AF58 00 00 00 00 00 00 00 00 67 00 65 00 74 00 43 00 ........g.e.t.C.


0182C902 8D 4D F8 FF D6 8D 4D F4 FF D6 8D 4D FC FF D6 5F .M....M....M..._
0182C912 33 C0 5E 5B C9 C2 0C 00 55 8B EC 83 EC 74 A1 38 3.^[....U....t.8
0182C922 FF BA 01 33 C5 89 45 FC 8B 4D 10 85 C9 8B 45 0C ...3..E..M....E.
0182C932 53 8B 5D 08 89 4D 98 75 0A B8 03 40 00 80 E9 8B S.][email protected]
0182C942 00 00 00 56 57 6A FF 50 8D 4D A8 E8 BD A6 8F FF ...VWj.P.M......
0182C952 8B 3D A8 24 93 01 6A 01 6A 06 68 40 95 B5 01 8D .=.$[email protected]
0182C962 4D 9C FF D7 FF 75 A0 8B 55 AC FF 75 9C 8D 4D A8 M....u..U..u..M.
0182C972 6A 00 FF 15 5C 24 93 01 8B 35 A4 24 93 01 8D 4D j...\$...5.$...M
0182C982 9C FF D6 8D 4D 8C FF 15 88 24 93 01 8B 03 8D 4D ....M....$.....M
0182C992 8C 51 FF 75 A8 53 FF 90 30 02 00 00 6A 01 6A 04 .Q.u.S..0...j.j.
0182C9A2 68 68 60 93 01 8D 4D 9C FF D7 8D 55 9C 8D 4D 8C hh`...M....U..M.
0182C9B2 FF 15 EC 23 93 01 8B 4D 98 89 01 8D 4D 9C FF D6 ...#...M....M...
0182C9C2 8D 4D 8C FF D6 8D 4D A8 FF D6 5F 33 C0 5E 8B 4D .M....M..._3.^.M
0182C9D2 FC 33 CD 5B E8 A5 71 0F 00 C9 C2 0C 00 55 8B EC .3.[..q......U..
0182C9E2 83 EC 74 A1 38 FF BA 01 33 C5 89 45 FC 8B 45 0C ..t.8...3..E..E.
0182C9F2 83 65 A4 00 53 56 57 8B 7D 08 6A FF 50 8D 4D A8 .e..SVW.}.j.P.M.


09A8CDF0 A8 30 B5 01 12 00 00 00 00 00 00 00 B8 DD 09 0A .0..............
09A8CE00 B0 32 11 0C 00 00 00 00 E0 41 9B 08 60 B6 EF 0A .2.......A..`...
09A8CE10 F0 FF FF FF F8 1D FA 0A 28 08 0C 0A 08 A4 FA 0A ........(.......
09A8CE20 B8 8E 4C 0B 78 64 0F 0A 67 00 00 00 05 00 00 00 ..L.xd..g.......
09A8CE30 E0 F4 65 5F 01 00 00 00 00 00 00 00 80 47 A6 0A ..e_.........G..
09A8CE40 80 00 00 00 9A 00 00 00 97 00 00 00 98 00 00 00 ................
09A8CE50 99 00 00 00 81 00 00 00 82 00 00 00 83 00 00 00 ................
09A8CE60 84 00 00 00 85 00 00 00 86 00 00 00 87 00 00 00 ................
09A8CE70 88 00 00 00 89 00 00 00 8A 00 00 00 8B 00 00 00 ................
09A8CE80 8C 00 00 00 8D 00 00 00 8E 00 00 00 91 00 00 00 ................
09A8CE90 90 00 00 00 93 00 00 00 94 00 00 00 8F 00 00 00 ................
09A8CEA0 95 00 00 00 96 00 00 00 9B 00 00 00 9C 00 00 00 ................
09A8CEB0 92 00 00 00 9D 00 00 00 9E 00 00 00 98 A8 0A 06 ................
09A8CEC0 40 48 A6 0A 00 00 00 00 01 00 00 00 FF FF FF FF @H..............
09A8CED0 00 00 00 00 A8 60 CE 08 A0 B4 D3 0B E0 F4 65 5F .....`........e_
09A8CEE0 64 00 00 00 00 00 00 00 68 00 72 00 6F 00 6D 00 d.......h.r.o.m.




All Threads:
6108 01923B50 thunderbird.exe+0x803b50
4068 0112E3D4 thunderbird.exe!XRE_GetFileFromPath+0x315d
5952 735E62EE mswsock.dll+0x62ee
2604 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
3936 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
3008 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
3968 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
352 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
3988 775541F3 ntdll.dll!RtlLoadString+0x430
5004 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
260 732227C1 WINMM.dll!timeGetTime+0xe1
5352 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
4432 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
2788 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
1224 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
4908 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
5220 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
5828 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
5636 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
2400 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
932 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
3940 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
4412 77556679 ntdll.dll!RtlDosSearchPath_Ustr+0x69a
5572 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
4048 77556679 ntdll.dll!RtlDosSearchPath_Ustr+0x69a
1008 5F422C50 MOZCRT19.dll!_endthreadex+0xa0
5856 77556679 ntdll.dll!RtlDosSearchPath_Ustr+0x69a

#15
SweetTech

Hi!

Can you attempt to run this tool for me in Normal Mode:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
