First, at various times in Task Manager I see many copies of iexplorer.exe and wltuser.exe being created. This seems to be triggered by enabling the internet connection on the machine, or even by opening a browser, Chrome or Internet Explorer, with the internet disabled.
There is also, sometimes but not always, Indian-sounding music playing from the machine and talking that I cannot make out.
If I open Google Chrome then I will see many chrome.exe processes created, and slowly all go away except the one.
I just tried to open Internet Explorer with no Internet connection and it created a whole bunch of xpnetdiag.exe processes. After a few moments they all went away but one, which I suspect is there to diagnose the connection problem.
After booting up the computer there will be many strange processes in Task Manager. I can delete them and sometimes they try to come back, but after deleting them a few times they don't come back.
At various times it will also create many other strange names, but it seems to only do it when it feels like it. I can't make it do it right now. If I reboot it will do it, but then I can't do anything with the computer for about 10 minutes. Even then it is very slow, but after a while, if I delete all the strange processes and the iexplorer.exe and wltuser.exe, it will run at about normal speed.
It seems to have done something to AVG. I can't update it. It continuously asks me to reboot to install the updates, and when I reboot AVG comes back up with the small yellow triangle on the tray icon and requests a reboot to install the updates; it will do this forever. It will also not let me remove AVG. I have tried several times.
I have tried to install Microsoft Essentials but it says Windows does not pass WGA, but the lady who owns this laptop says she bought the laptop new with Windows XP and has never had a WGA problem before. XP was set to do auto updates when I checked and they all seem to be done.
I am also using free versions of Malwarebytes, which removed 4 trojans the first time I ran it, and SuperAntiSpyware, which removed two other trojans and some adware the first time I ran it. I have logs of both of these if needed. Fully updated, both programs now find nothing in later scans. I had a hard time updating SuperAntiSpyware. It downloaded and uncompressed the updates but was hours trying to do the very last step of the update. I left it and went to bed, and when I got up in the morning it was done, so I rescanned and it found nothing.
I think that is everything.
===============OTL LOG============
OTL logfile created on: 30/01/2012 10:11:55 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
502.42 Mb Total Physical Memory | 279.80 Mb Available Physical Memory | 55.69% Memory free
1.20 Gb Paging File | 0.68 Gb Available in Paging File | 56.75% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.54 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive E: | 1.91 Gb Total Space | 1.91 Gb Free Space | 99.97% Space Free | Partition Type: FAT
Computer Name: LAURA | User Name: Lauras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/30 10:08:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/01/30 01:19:37 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/30 01:38:21 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/30 01:38:16 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/30 01:27:15 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/30 01:26:34 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AcrSch2Svc)
SRV - [2012/01/30 01:19:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/01/05 09:02:10 | 001,187,600 | ---- | M] (Starfield Technologies) [On_Demand | Stopped] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/06 14:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Stopped] -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/10/12 14:34:01 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2003/03/19 18:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Stopped] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
========== Driver Services (SafeList) ==========
DRV - [2012/01/30 01:19:33 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/01/30 01:19:33 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2012/01/27 08:29:26 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/11/02 22:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 22:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/13 00:27:49 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/13 00:27:49 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 22:51:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/24 15:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/12/22 03:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/15 17:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 17:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 17:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/04 01:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/03/04 01:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8MC
IE - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Lauras\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Lauras\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Lauras\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Lauras\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 19:41:08 | 000,000,000 | ---D | M]
[2012/01/25 09:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lauras\Application Data\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bell Internet Service Advisor (Enabled) = C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Default = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
O1 HOSTS File: ([2012/01/28 17:51:43 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [DiamondView] C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [DiamondView] C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKU\S-1-5-18..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe File not found
O4 - HKU\S-1-5-19..\Run: [DiamondView] C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKU\S-1-5-20..\Run: [DiamondView] C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O15 - HKU\S-1-5-21-2000478354-813497703-1177238915-1003\..Trusted Domains: salesforce.com ([na6] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1223562432484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223562562718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 23:29:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\Shell\phone\command - "" = E:\autorun.exe
O33 - MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/29 16:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2012/01/29 16:23:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/29 12:41:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lauras\Recent
[2012/01/29 10:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\ElevatedDiagnostics
[2012/01/29 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/29 10:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/01/27 09:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/27 09:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/27 09:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/27 09:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/27 08:29:26 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/27 08:29:25 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/01/27 08:29:25 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/01/25 21:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\NetCare
[2012/01/25 17:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\PC-FAX TX
[2012/01/25 15:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\ControlCenter4
[2012/01/25 15:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2012/01/25 15:22:31 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2012/01/25 15:22:25 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2012/01/25 15:22:24 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBI110.EXE
[2012/01/25 15:22:24 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BRPRTINK.DLL
[2012/01/25 15:22:21 | 000,071,424 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerIb.sys
[2012/01/25 15:22:21 | 000,011,520 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbSib.sys
[2012/01/25 15:22:12 | 000,055,808 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi11a.dll
[2012/01/25 15:22:06 | 001,481,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia11a.dll
[2012/01/25 15:22:06 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrJDec.dll
[2012/01/25 15:21:55 | 000,000,000 | ---D | C] -- C:\Brother
[2012/01/25 15:21:43 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2012/01/25 15:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012/01/25 15:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2012/01/25 15:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012/01/25 15:20:27 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012/01/25 15:20:27 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2012/01/25 15:20:20 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05c.dll
[2012/01/25 15:19:25 | 000,217,088 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2012/01/25 15:19:25 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2012/01/25 15:19:25 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2012/01/25 15:19:25 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2012/01/25 15:19:03 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2012/01/25 15:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2012/01/25 15:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\InstallShield
[2012/01/25 15:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\MFCJ625D
[2012/01/25 09:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Starfield
[2012/01/25 09:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Local Settings\Application Data\Workspace
[2012/01/25 09:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace
[2012/01/12 18:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\mobilemoneymachine
[2012/01/12 16:59:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\IECompatCache
[2012/01/12 16:48:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\PrivacIE
[2012/01/12 16:45:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\IETldCache
[2012/01/12 16:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/01/12 16:25:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/12 16:17:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/01/12 16:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/01/10 17:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\DESKTOP2
[2012/01/10 15:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mobile Blog X
[2012/01/10 15:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\MobileBlogX
[2012/01/10 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\MobileBlogX
[2012/01/10 15:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\xp pack
[2012/01/09 14:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\FileZilla
[2012/01/09 14:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/01/09 10:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\mobilemoneymachine-zip
[2012/01/07 11:29:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[34 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/30 01:21:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 01:05:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/30 00:20:03 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/30 00:19:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 00:12:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/28 22:21:52 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2012/01/28 17:51:43 | 000,000,884 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/28 09:57:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PTdQH2.dat
[2012/01/28 09:37:37 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/28 09:37:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 08:29:26 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2012/01/27 08:29:26 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/27 08:29:25 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2012/01/27 08:26:07 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Policies & Principles.url
[2012/01/25 20:11:56 | 000,000,810 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2012/01/25 18:39:40 | 000,247,704 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\NetCareOrderForm.pdf
[2012/01/25 17:57:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Brpcfx.ini
[2012/01/25 17:39:38 | 000,151,728 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Picture2.tif
[2012/01/25 15:26:29 | 000,001,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2012/01/25 15:25:05 | 000,003,303 | ---- | M] () -- C:\WINDOWS\BRPARAM.INI
[2012/01/25 15:22:35 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2012/01/25 14:07:20 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Multi-Function Centers Colour Inkjet - Brother Canada.url
[2012/01/25 14:03:16 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Speedtest North.url
[2012/01/25 13:41:35 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Primus Canada Bandwidth Speed Test.url
[2012/01/25 09:52:07 | 001,496,800 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\workspaceinstall_pl.exe
[2012/01/24 18:10:43 | 000,244,554 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/20 13:20:49 | 001,062,842 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Product Brochure[1].pdf
[2012/01/17 21:15:09 | 001,300,179 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\genesis-for-beginners[1].pdf
[2012/01/17 12:10:50 | 044,001,262 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\mobileGainingGoogleSEORank.zip
[2012/01/17 12:04:10 | 452,567,206 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\MOBILEAnikNiches.zip
[2012/01/16 14:49:51 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Quibids Scam - Scam Advocates.url
[2012/01/13 13:34:04 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\The Periodic Table of Videos - University of Nottingham.url
[2012/01/13 13:25:17 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\ChemViews Magazine ChemistryViews.url
[2012/01/13 12:54:45 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Wiley Online Library Products - Wiley Online Library.url
[2012/01/13 12:53:44 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\About Wiley Open Access Home - Wiley Open Access 2011.url
[2012/01/13 12:51:54 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Brain and Behavior - Early View - Wiley Online Library.url
[2012/01/13 11:33:32 | 000,175,113 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\nutraceutical.com.pdf
[2012/01/13 11:12:11 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Nutraceutical.com - Education.url
[2012/01/13 11:07:27 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\What are Functional Foods and Nutraceuticals - Agriculture and Agri-Food Canada (AAFC).url
[2012/01/13 10:58:07 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Canadian Compliance, Regulatory, GMP Licensed Warehousing & Graphic Design Source NutraceuticalSource Nutraceutical Canadian Compliance Experts Canadian Product Regulation Canadian Regulation for Produc.url
[2012/01/12 17:01:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A255B638-3B36-492C-A237-EB049335EE79}.job
[2012/01/12 16:45:53 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Lauras\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 13:06:07 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/01/11 19:32:20 | 000,545,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 19:32:20 | 000,104,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/10 20:26:37 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Lauras\g2mdlhlpx.exe
[2012/01/10 19:10:08 | 000,002,342 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Google Chrome (2).lnk
[2012/01/10 15:32:51 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/10 15:29:39 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobile Blog X.lnk
[2012/01/07 11:29:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/06 22:33:35 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\CellSqueeze Mobile Money... Support Ticket System.url
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[34 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/30 00:20:03 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/28 09:57:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PTdQH2.dat
[2012/01/28 09:42:36 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/01/27 12:14:24 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (4).lnk
[2012/01/27 10:22:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/27 08:26:06 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Policies & Principles.url
[2012/01/25 21:49:29 | 000,247,704 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\NetCareOrderForm.pdf
[2012/01/25 17:39:26 | 000,151,728 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Picture2.tif
[2012/01/25 15:26:29 | 000,001,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2012/01/25 15:25:35 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/01/25 15:24:50 | 000,003,303 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/01/25 15:22:29 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/01/25 15:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/01/25 15:20:25 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/01/25 15:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/01/25 13:43:25 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Multi-Function Centers Colour Inkjet - Brother Canada.url
[2012/01/25 13:41:35 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Primus Canada Bandwidth Speed Test.url
[2012/01/25 13:40:32 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Speedtest North.url
[2012/01/25 09:52:05 | 001,496,800 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\workspaceinstall_pl.exe
[2012/01/20 13:20:49 | 001,062,842 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Product Brochure[1].pdf
[2012/01/17 21:15:08 | 001,300,179 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\genesis-for-beginners[1].pdf
[2012/01/17 12:10:45 | 044,001,262 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\mobileGainingGoogleSEORank.zip
[2012/01/17 12:02:25 | 452,567,206 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\MOBILEAnikNiches.zip
[2012/01/16 14:49:50 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Quibids Scam - Scam Advocates.url
[2012/01/13 13:34:01 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\The Periodic Table of Videos - University of Nottingham.url
[2012/01/13 13:25:15 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\ChemViews Magazine ChemistryViews.url
[2012/01/13 12:54:45 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Wiley Online Library Products - Wiley Online Library.url
[2012/01/13 12:53:44 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\About Wiley Open Access Home - Wiley Open Access 2011.url
[2012/01/13 12:51:52 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Brain and Behavior - Early View - Wiley Online Library.url
[2012/01/13 11:33:32 | 000,175,113 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\nutraceutical.com.pdf
[2012/01/13 11:12:11 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Nutraceutical.com - Education.url
[2012/01/13 11:07:27 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\What are Functional Foods and Nutraceuticals - Agriculture and Agri-Food Canada (AAFC).url
[2012/01/13 10:58:07 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Canadian Compliance, Regulatory, GMP Licensed Warehousing & Graphic Design Source NutraceuticalSource Nutraceutical Canadian Compliance Experts Canadian Product Regulation Canadian Regulation for Produc.url
[2012/01/12 13:06:07 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/01/10 19:30:46 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (3).lnk
[2012/01/10 19:10:08 | 000,002,342 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Google Chrome (2).lnk
[2012/01/10 19:08:21 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (2).lnk
[2012/01/10 15:37:41 | 000,272,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/10 15:32:51 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/10 15:29:39 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mobile Blog X.lnk
[2012/01/06 22:33:34 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\CellSqueeze Mobile Money... Support Ticket System.url
[2011/01/29 21:19:09 | 000,000,813 | ---- | C] () -- C:\WINDOWS\dmt.ini
[2010/02/05 15:10:01 | 000,239,074 | ---- | C] () -- C:\Documents and Settings\Lauras\Local Settings\Application Data\adCenterExcelAddinV5.5_External.config
[2010/02/05 14:49:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lauras\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 07:26:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/05/04 14:41:48 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/05/04 14:41:48 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/05/04 14:41:47 | 000,000,121 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/02/05 19:46:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/02/05 19:31:40 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MLI.INI
[2008/11/22 16:24:24 | 000,000,563 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/11/22 16:11:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/11/22 16:11:37 | 000,002,204 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2008/11/22 16:10:58 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/11/22 16:10:58 | 000,000,328 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2008/11/22 16:10:58 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/22 16:10:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\mf322def.dat
[2008/11/22 16:10:32 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsi06.BIN
[2008/10/18 19:03:01 | 000,023,353 | ---- | C] () -- C:\Documents and Settings\Lauras\Application Data\Comma Separated Values (Windows).ADR
[2008/10/13 01:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008/10/09 17:46:56 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\FaxHelper.exe
[2008/10/06 22:16:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/10/06 22:16:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/10/06 21:49:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/06 21:49:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/06 21:49:00 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/10/04 23:32:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/04 23:25:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/04 16:04:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/04 16:03:18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 22:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 22:42:10 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2008/04/13 22:42:10 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2008/04/13 22:42:10 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2008/04/13 22:42:10 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllc.dat
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/31 00:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/19 15:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UL.ini
[2004/10/19 13:30:18 | 000,000,160 | ---- | C] () -- C:\WINDOWS\Maritimelife.ini
[2004/06/17 23:20:38 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\olexlsf.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,545,184 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,104,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
< End of report >