Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hope to get help with an ib.adnxs virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 25th, 2012, 3:25 pm

hxxp://ib.adnxs.com

DDS (Ver_2011-08-26.01) - NTFSx86



The above link contiuously pops up on my internet explorer browser. Appears to be a virus, I think. Hope you can help me,
Thank you
Nicole


Internet Explorer: 8.0.6001.19298 BrowserJavaVersion: 10.5.1
Run by Nicole at 15:03:30 on 2012-08-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3317.1972 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WhiteSmoke\WSEnrichment.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.lenovo.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - c:\users\nicole\appdata\roaming\qwiklinx\Qwiklinx.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: VideoFileDownload: {625f420e-a4a9-4b40-bc23-716c1c43893a} - c:\program files\oapps\bho.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E)" -"http://www.miniclip.com/games/masters-of-wrestling/en/webgame.php"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\nicole\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke\WSEnrichment.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\nicole\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\nicole\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: exodusvipdesk.com
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: vipdesk.com
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D5F3DAC4-07E6-4333-ACD2-6460FBD1EE7D} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ntdisk;ntdisk;c:\windows\system32\drivers\ntdisk.sys [2008-5-10 26144]
R0 safnt;safnt;c:\windows\system32\drivers\safnt.sys [2008-5-10 16912]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-17 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120811.003\BHDrvx86.sys [2012-8-10 995488]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120824.001\IDSvix86.sys [2012-8-24 386208]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-28 214664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-17 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-17 331384]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-30 47640]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-17 130008]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 OKAV Agent Service;OKAV Agent Service;c:\program files\trend micro\okavagent\OKAVAgent.exe [2008-2-1 66824]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FreemakeVideoCapture;FreemakeVideoCapture;"c:\program files\freemake\capturelib\capturelibservice.exe" --> c:\program files\freemake\capturelib\CaptureLibService.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-13 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-13 136176]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-28 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-28 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-28 40552]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-3-30 12984]
S3 VMC410;Vimicro Camera Service VMC410;c:\windows\system32\drivers\VMC410.sys [2008-5-10 266880]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-08-25 18:04:20 -------- d-----w- C:\_OTL
2012-08-25 13:46:02 -------- d-----w- c:\users\nicole\appdata\roaming\DriverCure
2012-08-25 13:45:56 -------- d-----w- c:\users\nicole\appdata\roaming\SpeedyPC Software
2012-08-25 13:44:59 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-25 11:39:03 -------- d-----w- c:\programdata\XoftSpySE
2012-08-19 09:21:12 -------- d-----w- c:\users\nicole\appdata\local\AOL Toolbar
2012-08-18 22:43:52 -------- d-----w- c:\users\nicole\appdata\local\Zoom_Downloader
2012-08-18 22:40:49 -------- d-----w- C:\extensions
2012-08-18 22:40:46 -------- d-----w- c:\users\nicole\appdata\roaming\Qwiklinx
2012-08-18 22:40:46 -------- d-----w- c:\program files\Qwiklinx
2012-08-18 22:40:00 -------- d-----w- c:\program files\OApps
2012-08-18 22:39:47 -------- d-----w- c:\programdata\AOL Toolbar
2012-08-18 22:39:47 -------- d-----w- c:\program files\AOL Toolbar
2012-08-16 07:07:38 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 10:05:04 623616 ----a-w- c:\windows\system32\localspl.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-15 13:24:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 13:24:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 11:37:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 11:32:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-28 11:31:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-28 11:31:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-06-28 11:31:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-28 09:59:23 385024 ----a-w- c:\windows\system32\html.iec
2012-06-28 08:19:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-28 08:17:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 12:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 15:04:52.67 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2008 12:56:43 PM
System Uptime: 8/25/2012 2:23:38 PM (1 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | CPU 1 | 1203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 308.877 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
Ad-Aware
Adobe Acrobat Connect Add-in
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.4)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AdwareAlert
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
authorSTREAM Desktop
Bonjour
Business Contact Manager for Outlook 2007 SP2
Compatibility Pack for the 2007 Office system
Connect
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver & Application Installation
Facebook Plug-In
Feedback Tool
File Type Assistant
FlipShare
Free Studio version 5.4.9
Free YouTube Download version 3.1.25.423
GIMP 2.6.11
GOM Player
Google Chrome
Google Drive
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Google Updater
Greeting Card Factory Photo Card Maker 3.0
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block New Jersey 2009
H&R Block New Jersey 2010
H&R Block New Jersey 2011
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
InterVideo WinDVD 8
IP Calculator
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
kuler
Lenovo Media Studio
Lenovo PC Type Configuration
Lenovo Screen Saver
Lenovo Standard Keyboard Driver
Lexmark Toolbar
LVT
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Excel 2010
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Move Networks Media Player for Internet Explorer
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyITLab ActiveX Installer 2.8.5.65535
Norton Security Suite
Notepad++
OGA Notifier 2.0.0048.0
OKAVAgent
PDF Settings CS4
Photo Notifier and Animation Creator
Photoshop Camera Raw
Picasa 3
Print Artist Gold 21
QuickTime
Qwiklinx
RealPlayer Basic
Realtek High Definition Audio Driver
Recovery for Excel 5.1.14396.1 Demo License
ResumeMaker
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Service Pack 1 for SQL Server 2008 (KB968369)
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sql Server Customer Experience Improvement Program
Suite Shared Configuration CS4
TaxCut New Jersey 2008
TaxCut Premium + State + Efile 2008
Uninstall Lenovo OneKey Recovery
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VeriFace
VideoCam Suite 2.0
Vimicro UVC Camera
VIPdesk Scan Utility
Vista Codec Package
Web Deployment Tool
WhiteSmoke
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR archiver
Yahoo! Detect
Youtube Saved
.
==== Event Viewer Messages From Past Week ========
.
8/25/2012 5:47:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/25/2012 2:25:39 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.2. The computer with the IP address 192.168.2.7 did not allow the name to be claimed by this computer.
8/25/2012 2:25:38 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the file specified.
8/25/2012 2:25:38 PM, Error: Service Control Manager [7000] - The FreemakeVideoCapture service failed to start due to the following error: The system cannot find the file specified.
8/25/2012 2:17:26 PM, Error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
8/22/2012 5:49:00 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001E90A530F6 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
8/22/2012 5:48:58 PM, Error: EventLog [6008] - The previous system shutdown at 9:39:51 AM on 8/22/2012 was unexpected.
8/19/2012 5:20:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
8/18/2012 6:48:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
8/18/2012 6:47:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
.
==== End Of File ===========================

Edit: potentially malicious link disabled - deltalima
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm
Advertisement
Register to Remove

Re: Hope to get help with an ib.adnxs virus

Unread postby Cypher » August 26th, 2012, 1:35 pm

Hi,
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hope to get help with an ib.adnxs virus

Unread postby Cypher » August 26th, 2012, 1:47 pm

Hi nicole and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Ad-Aware
AdwareAlert
Coupon Printer for Windows
Qwiklinx
WhiteSmoke

Next.

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Next.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe And select Run as administrator to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *whitesmoke*
    *Qwiklinx*
    
    :folderfind
    *whitesmoke*
    *Qwiklinx*
    
    :Regfind
    whitesmoke
    Qwiklinx
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.
  • SystemLook.txt.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 26th, 2012, 3:11 pm

Thank you so much for helping me!

I started with what you requested, however, I couldn't get past the uninstalling because AdwareAlert gave me a message when trying to uninstall, stating I couldn't remove because the "network resource was unavailable" Also, I was nervous about uninstalling WHitesmoke, since I actually paid for the service a while back. I wasn't sure if removing it meant it was deleting it completely?

SO should i move past AdwareAlert and Whitesmoke?

Thanks again!
Nicole
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm

Re: Hope to get help with an ib.adnxs virus

Unread postby Cypher » August 26th, 2012, 3:20 pm

Hi Nicole,
Thank you so much for helping me!

You're welcome.
I was nervous about uninstalling WHitesmoke, since I actually paid for the service a while back.

You can keep this if you wish, it sometimes gets installed on users computers without their permission.
I started with what you requested, however, I couldn't get past the uninstalling because AdwareAlert

Just forget about AdwareAlert for now, and continue with the rest of my instructions.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 26th, 2012, 3:54 pm

In regards to these instructions:

"When the scan is complete, click OK, then Show Results to view the results & Check all items except items in the C:\System Volume Information folder... and click Remove Selected."

I don't see anything that has Show Results and not sure where to go to CHeck items in the C:\System Volume Information folder


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19298
Nicole :: NICOLE-PC [administrator]

8/26/2012 3:35:24 PM
mbam-log-2012-08-26 (15-35-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221307
Time elapsed: 9 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm

Re: Hope to get help with an ib.adnxs virus

Unread postby Cypher » August 27th, 2012, 5:21 am

Hi Nicole,
The Malwarebytes scan was clean, but i still need you to run OTL as instructed.
Please run SystemLook to as follows, and post the resulting OTL and SystemLook logs.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right-click SystemLook.exe And select Run as administrator to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Qwiklinx*
    
    :folderfind
    *Qwiklinx*
    
    :Regfind
    Qwiklinx
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 27th, 2012, 6:27 pm

The below info is from the OTL.txt notepad info, however, I never saw a minimized "Extras.txt". Also want to point out that when i downloaded OTL, Norton popped up with a warning stating that I am one of very few people ever to download OTL. I obviously downloaded it anyway.


OTL logfile created on: 8/27/2012 6:11:24 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Nicole\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 42.91% Memory free
6.69 Gb Paging File | 4.45 Gb Available in Paging File | 66.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 370.88 Gb Free Space | 82.84% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nicole\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Users\Nicole\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe ()
PRC - C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
PRC - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
MOD - C:\Program Files\WhiteSmoke\WSEngine.dll ()
MOD - C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Services (SafeList) ==========

SRV - (FreemakeVideoCapture) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS File not found
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS File not found
DRV - (sxuptp) -- system32\DRIVERS\sxuptp.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\Users\Nicole\AppData\Local\Temp\mbr.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120827.001\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120827.001\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.005\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys (Symantec Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys (Symantec Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys (Symantec Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (ntdisk) -- C:\Windows\System32\drivers\ntdisk.sys ()
DRV - (VMC410) -- C:\Windows\System32\drivers\VMC410.sys (Vimicro Corporation)
DRV - (safnt) -- C:\Windows\System32\drivers\safnt.sys ()
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/sli ... 706&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/red ... 843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20120818223929736&tb_oid=18-08-2012&tb_mrud=18-08-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/sli ... 706&query={searchTerms}&invocationType=tb50trie7
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp= ... 3EFFBD6&q={searchTerms}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/red ... 843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20120818223929736&tb_oid=18-08-2012&tb_mrud=18-08-2012
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPTB_en
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{BFA03550-B002-4B5B-93B3-1E30E7E6E311}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GPTB_en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=DgVfwupoIZ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Nicole\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicole\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicole\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/11 17:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/25 14:25:51 | 000,000,000 | ---D | M]

[2012/01/29 11:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions
[2010/06/03 17:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/29 11:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 10:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 18:34:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 13:28:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 13:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 10:16:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/09 06:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/22 06:28:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/04 08:24:20 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - homepage: http://www.netvibes.com/privatepage/1#General
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.netvibes.com/privatepage/1#General
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Lightshot (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\1.4.0_0\npLightshot.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Nicole\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\
CHR - Extension: Google Drive = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.1_0\
CHR - Extension: Splendid = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: My Shortcuts = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcpobipejlbogodeiendpdgcdambjgo\2.6.1_0\
CHR - Extension: Cloud Reader = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\
CHR - Extension: YouTube = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Facebook = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Note Anywhere = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh\0.5.1_0\
CHR - Extension: Pixlr Grabber - Screen capture/image grabbing = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn\1.0_1\
CHR - Extension: Proofread Bot = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap\1_1\
CHR - Extension: Webpage Screenshot = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\
CHR - Extension: Google Search = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Apture = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppaadhnncohnjgallikmjdonfliciek\2.3.0_0\
CHR - Extension: PicMonkey = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.4_0\
CHR - Extension: Highlight to Search = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg\1.0.36_0\
CHR - Extension: Click&Clean = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: IE Tab = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.30.1_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Google Share Button = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\idaeealfhcijmeigljaopafdapgijdcb\1.1.0.12_0\
CHR - Extension: iPiccy Photo Editor = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: Dictionary Lookup = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdjaafajlfiopcppipdinmcjbcpofhd\4.3.1_0\
CHR - Extension: StumbleUpon = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.7.12.1_0\
CHR - Extension: Grammar and Spell Checker by Ginger = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh\0.1.0.67_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\2.8.1_1\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Google Mail Checker = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Springpad Extension = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0\
CHR - Extension: Gmail = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Mitto Password Manager = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkoloponjbmmlpligfeffepebbkmken\0.7_0\

O1 HOSTS File: ([2009/11/17 19:29:38 | 000,000,049 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (VideoFileDownload) - {625F420E-A4A9-4B40-BC23-716C1C43893A} - C:\Program Files\OApps\bho.dll (VideoFileDownload)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E)" -"http://www.miniclip.com/games/masters-of-wrestling/en/webgame.php" File not found
O4 - HKCU..\RunOnce: [WhiteSmoke] C:\Program Files\WhiteSmoke\Uninstall_WhiteSmoke.exe ()
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: exodusvipdesk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vipdesk.com ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: PackageCab http://www.imgag.com/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F3DAC4-07E6-4333-ACD2-6460FBD1EE7D}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{72f659eb-16e6-11df-b091-001e90a530f6}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{72f659eb-16e6-11df-b091-001e90a530f6}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{a0d412cd-1511-11df-b36f-001e90a530f6}\Shell - "" = AutoRun
O33 - MountPoints2\{a0d412cd-1511-11df-b36f-001e90a530f6}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 14:04:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/25 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\DriverCure
[2012/08/25 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SpeedyPC Software
[2012/08/25 09:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/25 09:44:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\SpeedyPC
[2012/08/25 07:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012/08/19 05:21:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\AOL Toolbar
[2012/08/18 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Zoom_Downloader
[2012/08/18 18:40:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\ShopToWin
[2012/08/18 18:40:49 | 000,000,000 | ---D | C] -- C:\extensions
[2012/08/18 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Qwiklinx
[2012/08/18 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2012/08/18 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar
[2012/08/18 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2012/08/18 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\New Folder
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/27 17:51:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/27 17:51:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3404251217-2559953846-1342176442-1004UA.job
[2012/08/27 17:51:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/27 17:50:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/27 04:46:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 04:46:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 14:57:55 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3404251217-2559953846-1342176442-1004Core.job
[2012/08/26 14:47:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/26 14:47:24 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/26 14:47:22 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/25 13:46:05 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/25 06:13:29 | 000,000,038 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\mbam.context.scan
[2012/08/21 21:25:11 | 000,002,009 | ---- | M] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 21:25:10 | 000,002,047 | ---- | M] () -- C:\Users\Nicole\Desktop\Google Chrome.lnk
[2012/08/16 03:31:57 | 002,589,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 12:28:40 | 000,000,495 | ---- | M] () -- C:\Users\Nicole\Desktop\server.properties
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 09:45:21 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/25 06:13:29 | 000,000,038 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\mbam.context.scan
[2012/07/17 18:38:13 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012/02/12 16:36:32 | 000,065,780 | ---- | C] () -- C:\Users\Nicole\Michael Rubin 2011 Tax Return..T11
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/01/28 12:12:40 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/02 14:58:13 | 000,000,942 | ---- | C] () -- C:\ProgramData\5484catsverfile.xml
[2012/01/02 14:28:08 | 000,000,942 | ---- | C] () -- C:\ProgramData\32368catsverfile.xml
[2011/12/30 13:35:17 | 000,000,942 | ---- | C] () -- C:\ProgramData\27543catsverfile.xml
[2011/12/30 13:33:08 | 000,000,942 | ---- | C] () -- C:\ProgramData\27098catsverfile.xml
[2011/12/30 13:17:28 | 000,000,942 | ---- | C] () -- C:\ProgramData\24052catsverfile.xml
[2011/12/30 11:18:45 | 000,000,942 | ---- | C] () -- C:\ProgramData\781catsverfile.xml
[2011/11/19 16:31:34 | 000,006,571 | ---- | C] () -- C:\Users\Nicole\P1010971.JPG
[2011/11/19 16:31:34 | 000,006,207 | ---- | C] () -- C:\Users\Nicole\P1010973.JPG
[2011/11/19 16:31:34 | 000,006,162 | ---- | C] () -- C:\Users\Nicole\P1010972.JPG
[2011/11/19 16:31:34 | 000,006,065 | ---- | C] () -- C:\Users\Nicole\P1010974.JPG
[2011/11/19 16:31:34 | 000,006,055 | ---- | C] () -- C:\Users\Nicole\P1010965.JPG
[2011/11/19 16:31:34 | 000,005,877 | ---- | C] () -- C:\Users\Nicole\P1010964.JPG
[2011/11/19 16:31:34 | 000,005,548 | ---- | C] () -- C:\Users\Nicole\P1010968.JPG
[2011/11/19 16:31:34 | 000,005,477 | ---- | C] () -- C:\Users\Nicole\P1010969.JPG
[2011/11/19 16:31:34 | 000,005,241 | ---- | C] () -- C:\Users\Nicole\P1010975.JPG
[2011/11/19 16:31:34 | 000,004,983 | ---- | C] () -- C:\Users\Nicole\P1010967.JPG
[2011/11/19 16:31:34 | 000,004,892 | ---- | C] () -- C:\Users\Nicole\P1010970.JPG
[2011/11/19 16:31:34 | 000,004,850 | ---- | C] () -- C:\Users\Nicole\P1010962.JPG
[2011/11/19 16:31:34 | 000,004,840 | ---- | C] () -- C:\Users\Nicole\P1010976.JPG
[2011/11/19 16:31:34 | 000,004,835 | ---- | C] () -- C:\Users\Nicole\P1010966.JPG
[2011/11/19 16:31:34 | 000,004,818 | ---- | C] () -- C:\Users\Nicole\P1010963.JPG
[2011/11/19 16:31:34 | 000,004,552 | ---- | C] () -- C:\Users\Nicole\P1010953.JPG
[2011/11/19 16:31:34 | 000,004,537 | ---- | C] () -- C:\Users\Nicole\P1010978.JPG
[2011/11/19 16:31:34 | 000,004,420 | ---- | C] () -- C:\Users\Nicole\P1010956.JPG
[2011/11/19 16:31:34 | 000,004,255 | ---- | C] () -- C:\Users\Nicole\P1010955.JPG
[2011/11/19 16:31:34 | 000,004,221 | ---- | C] () -- C:\Users\Nicole\P1010977.JPG
[2011/11/19 16:31:34 | 000,004,178 | ---- | C] () -- C:\Users\Nicole\P1010958.JPG
[2011/11/19 16:31:34 | 000,004,165 | ---- | C] () -- C:\Users\Nicole\P1010951.JPG
[2011/11/19 16:31:34 | 000,004,037 | ---- | C] () -- C:\Users\Nicole\P1010950.JPG
[2011/11/19 16:31:34 | 000,004,000 | ---- | C] () -- C:\Users\Nicole\P1010954.JPG
[2011/11/19 16:31:34 | 000,003,997 | ---- | C] () -- C:\Users\Nicole\P1010959.JPG
[2011/11/19 16:31:34 | 000,003,993 | ---- | C] () -- C:\Users\Nicole\P1010979.JPG
[2011/11/19 16:31:34 | 000,003,955 | ---- | C] () -- C:\Users\Nicole\P1010952.JPG
[2011/11/19 16:31:34 | 000,003,908 | ---- | C] () -- C:\Users\Nicole\P1010984.JPG
[2011/11/19 16:31:34 | 000,003,877 | ---- | C] () -- C:\Users\Nicole\P1010957.JPG
[2011/11/19 16:31:34 | 000,003,861 | ---- | C] () -- C:\Users\Nicole\P1010961.JPG
[2011/11/19 16:31:34 | 000,003,764 | ---- | C] () -- C:\Users\Nicole\P1010983.JPG
[2011/11/19 16:31:34 | 000,003,748 | ---- | C] () -- C:\Users\Nicole\P1010949.JPG
[2011/11/19 16:31:34 | 000,003,647 | ---- | C] () -- C:\Users\Nicole\P1010960.JPG
[2011/11/19 16:31:34 | 000,003,642 | ---- | C] () -- C:\Users\Nicole\P1010980.JPG
[2011/11/19 16:31:34 | 000,003,532 | ---- | C] () -- C:\Users\Nicole\P1010981.JPG
[2011/11/19 16:31:34 | 000,003,404 | ---- | C] () -- C:\Users\Nicole\P1010982.JPG
[2011/11/19 16:31:34 | 000,003,021 | ---- | C] () -- C:\Users\Nicole\P1010986.JPG
[2011/11/19 16:31:34 | 000,002,844 | ---- | C] () -- C:\Users\Nicole\P1010985.JPG
[2011/11/19 16:31:33 | 000,005,981 | ---- | C] () -- C:\Users\Nicole\P1010907.JPG
[2011/11/19 16:31:33 | 000,005,695 | ---- | C] () -- C:\Users\Nicole\P1010909.JPG
[2011/11/19 16:31:33 | 000,005,677 | ---- | C] () -- C:\Users\Nicole\P1010905.JPG
[2011/11/19 16:31:33 | 000,005,662 | ---- | C] () -- C:\Users\Nicole\P1010913.JPG
[2011/11/19 16:31:33 | 000,005,581 | ---- | C] () -- C:\Users\Nicole\P1010914.JPG
[2011/11/19 16:31:33 | 000,005,477 | ---- | C] () -- C:\Users\Nicole\P1010906.JPG
[2011/11/19 16:31:33 | 000,005,466 | ---- | C] () -- C:\Users\Nicole\P1010908.JPG
[2011/11/19 16:31:33 | 000,005,297 | ---- | C] () -- C:\Users\Nicole\P1010933.JPG
[2011/11/19 16:31:33 | 000,005,259 | ---- | C] () -- C:\Users\Nicole\P1010912.JPG
[2011/11/19 16:31:33 | 000,005,129 | ---- | C] () -- C:\Users\Nicole\P1010918.JPG
[2011/11/19 16:31:33 | 000,005,037 | ---- | C] () -- C:\Users\Nicole\P1010922.JPG
[2011/11/19 16:31:33 | 000,005,024 | ---- | C] () -- C:\Users\Nicole\P1010910.JPG
[2011/11/19 16:31:33 | 000,005,004 | ---- | C] () -- C:\Users\Nicole\P1010947.JPG
[2011/11/19 16:31:33 | 000,004,957 | ---- | C] () -- C:\Users\Nicole\P1010911.JPG
[2011/11/19 16:31:33 | 000,004,874 | ---- | C] () -- C:\Users\Nicole\P1010946.JPG
[2011/11/19 16:31:33 | 000,004,807 | ---- | C] () -- C:\Users\Nicole\P1010916.JPG
[2011/11/19 16:31:33 | 000,004,805 | ---- | C] () -- C:\Users\Nicole\P1010945.JPG
[2011/11/19 16:31:33 | 000,004,784 | ---- | C] () -- C:\Users\Nicole\P1010919.JPG
[2011/11/19 16:31:33 | 000,004,765 | ---- | C] () -- C:\Users\Nicole\P1010944.JPG
[2011/11/19 16:31:33 | 000,004,731 | ---- | C] () -- C:\Users\Nicole\P1010925.JPG
[2011/11/19 16:31:33 | 000,004,667 | ---- | C] () -- C:\Users\Nicole\P1010930.JPG
[2011/11/19 16:31:33 | 000,004,636 | ---- | C] () -- C:\Users\Nicole\P1010939.JPG
[2011/11/19 16:31:33 | 000,004,629 | ---- | C] () -- C:\Users\Nicole\P1010920.JPG
[2011/11/19 16:31:33 | 000,004,596 | ---- | C] () -- C:\Users\Nicole\P1010921.JPG
[2011/11/19 16:31:33 | 000,004,590 | ---- | C] () -- C:\Users\Nicole\P1010915.JPG
[2011/11/19 16:31:33 | 000,004,523 | ---- | C] () -- C:\Users\Nicole\P1010929.JPG
[2011/11/19 16:31:33 | 000,004,462 | ---- | C] () -- C:\Users\Nicole\P1010917.JPG
[2011/11/19 16:31:33 | 000,004,409 | ---- | C] () -- C:\Users\Nicole\P1010932.JPG
[2011/11/19 16:31:33 | 000,004,377 | ---- | C] () -- C:\Users\Nicole\P1010941.JPG
[2011/11/19 16:31:33 | 000,004,361 | ---- | C] () -- C:\Users\Nicole\P1010923.JPG
[2011/11/19 16:31:33 | 000,004,344 | ---- | C] () -- C:\Users\Nicole\P1010935.JPG
[2011/11/19 16:31:33 | 000,004,335 | ---- | C] () -- C:\Users\Nicole\P1010934.JPG
[2011/11/19 16:31:33 | 000,004,305 | ---- | C] () -- C:\Users\Nicole\P1010937.JPG
[2011/11/19 16:31:33 | 000,004,272 | ---- | C] () -- C:\Users\Nicole\P1010927.JPG
[2011/11/19 16:31:33 | 000,004,127 | ---- | C] () -- C:\Users\Nicole\P1010948.JPG
[2011/11/19 16:31:33 | 000,004,116 | ---- | C] () -- C:\Users\Nicole\P1010938.JPG
[2011/11/19 16:31:33 | 000,004,064 | ---- | C] () -- C:\Users\Nicole\P1010940.JPG
[2011/11/19 16:31:33 | 000,004,015 | ---- | C] () -- C:\Users\Nicole\P1010942.JPG
[2011/11/19 16:31:33 | 000,003,998 | ---- | C] () -- C:\Users\Nicole\P1010926.JPG
[2011/11/19 16:31:33 | 000,003,928 | ---- | C] () -- C:\Users\Nicole\P1010928.JPG
[2011/11/19 16:31:33 | 000,003,898 | ---- | C] () -- C:\Users\Nicole\P1010931.JPG
[2011/11/19 16:31:33 | 000,003,774 | ---- | C] () -- C:\Users\Nicole\P1010943.JPG
[2011/11/19 16:31:33 | 000,003,489 | ---- | C] () -- C:\Users\Nicole\P1010936.JPG
[2011/11/19 16:31:33 | 000,003,030 | ---- | C] () -- C:\Users\Nicole\P1010924.JPG
[2011/11/19 16:31:32 | 000,006,755 | ---- | C] () -- C:\Users\Nicole\P1010896.JPG
[2011/11/19 16:31:32 | 000,006,250 | ---- | C] () -- C:\Users\Nicole\P1010883.JPG
[2011/11/19 16:31:32 | 000,006,157 | ---- | C] () -- C:\Users\Nicole\P1010897.JPG
[2011/11/19 16:31:32 | 000,006,107 | ---- | C] () -- C:\Users\Nicole\P1010892.JPG
[2011/11/19 16:31:32 | 000,006,097 | ---- | C] () -- C:\Users\Nicole\P1010882.JPG
[2011/11/19 16:31:32 | 000,005,952 | ---- | C] () -- C:\Users\Nicole\P1010900.JPG
[2011/11/19 16:31:32 | 000,005,938 | ---- | C] () -- C:\Users\Nicole\P1010895.JPG
[2011/11/19 16:31:32 | 000,005,930 | ---- | C] () -- C:\Users\Nicole\P1010899.JPG
[2011/11/19 16:31:32 | 000,005,838 | ---- | C] () -- C:\Users\Nicole\P1010890.JPG
[2011/11/19 16:31:32 | 000,005,818 | ---- | C] () -- C:\Users\Nicole\P1010881.JPG
[2011/11/19 16:31:32 | 000,005,689 | ---- | C] () -- C:\Users\Nicole\P1010891.JPG
[2011/11/19 16:31:32 | 000,005,671 | ---- | C] () -- C:\Users\Nicole\P1010903.JPG
[2011/11/19 16:31:32 | 000,005,605 | ---- | C] () -- C:\Users\Nicole\P1010889.JPG
[2011/11/19 16:31:32 | 000,005,584 | ---- | C] () -- C:\Users\Nicole\P1010874.JPG
[2011/11/19 16:31:32 | 000,005,481 | ---- | C] () -- C:\Users\Nicole\P1010904.JPG
[2011/11/19 16:31:32 | 000,005,456 | ---- | C] () -- C:\Users\Nicole\P1010901.JPG
[2011/11/19 16:31:32 | 000,005,327 | ---- | C] () -- C:\Users\Nicole\P1010879.JPG
[2011/11/19 16:31:32 | 000,005,305 | ---- | C] () -- C:\Users\Nicole\P1010884.JPG
[2011/11/19 16:31:32 | 000,005,247 | ---- | C] () -- C:\Users\Nicole\P1010902.JPG
[2011/11/19 16:31:32 | 000,005,180 | ---- | C] () -- C:\Users\Nicole\P1010872.JPG
[2011/11/19 16:31:32 | 000,005,164 | ---- | C] () -- C:\Users\Nicole\P1010885.JPG
[2011/11/19 16:31:32 | 000,005,162 | ---- | C] () -- C:\Users\Nicole\P1010886.JPG
[2011/11/19 16:31:32 | 000,005,046 | ---- | C] () -- C:\Users\Nicole\P1010880.JPG
[2011/11/19 16:31:32 | 000,005,041 | ---- | C] () -- C:\Users\Nicole\P1010876.JPG
[2011/11/19 16:31:32 | 000,004,974 | ---- | C] () -- C:\Users\Nicole\P1010866.JPG
[2011/11/19 16:31:32 | 000,004,904 | ---- | C] () -- C:\Users\Nicole\P1010864.JPG
[2011/11/19 16:31:32 | 000,004,855 | ---- | C] () -- C:\Users\Nicole\P1010865.JPG
[2011/11/19 16:31:32 | 000,004,838 | ---- | C] () -- C:\Users\Nicole\P1010877.JPG
[2011/11/19 16:31:32 | 000,004,788 | ---- | C] () -- C:\Users\Nicole\P1010898.JPG
[2011/11/19 16:31:32 | 000,004,788 | ---- | C] () -- C:\Users\Nicole\P1010887.JPG
[2011/11/19 16:31:32 | 000,004,777 | ---- | C] () -- C:\Users\Nicole\P1010888.JPG
[2011/11/19 16:31:32 | 000,004,601 | ---- | C] () -- C:\Users\Nicole\P1010870.JPG
[2011/11/19 16:31:32 | 000,004,535 | ---- | C] () -- C:\Users\Nicole\P1010869.JPG
[2011/11/19 16:31:32 | 000,004,499 | ---- | C] () -- C:\Users\Nicole\P1010873.JPG
[2011/11/19 16:31:32 | 000,004,400 | ---- | C] () -- C:\Users\Nicole\P1010867.JPG
[2011/11/19 16:31:32 | 000,004,159 | ---- | C] () -- C:\Users\Nicole\P1010875.JPG
[2011/11/19 16:31:32 | 000,004,093 | ---- | C] () -- C:\Users\Nicole\P1010878.JPG
[2011/11/19 16:31:32 | 000,003,826 | ---- | C] () -- C:\Users\Nicole\P1010893.JPG
[2011/11/19 16:31:32 | 000,003,801 | ---- | C] () -- C:\Users\Nicole\P1010868.JPG
[2011/11/19 16:31:32 | 000,003,607 | ---- | C] () -- C:\Users\Nicole\P1010871.JPG
[2011/11/19 16:31:32 | 000,003,541 | ---- | C] () -- C:\Users\Nicole\P1010894.JPG
[2011/11/19 16:31:31 | 000,006,105 | ---- | C] () -- C:\Users\Nicole\P1010813.JPG
[2011/11/19 16:31:31 | 000,006,024 | ---- | C] () -- C:\Users\Nicole\P1010846.JPG
[2011/11/19 16:31:31 | 000,005,933 | ---- | C] () -- C:\Users\Nicole\P1010843.JPG
[2011/11/19 16:31:31 | 000,005,930 | ---- | C] () -- C:\Users\Nicole\P1010861.JPG
[2011/11/19 16:31:31 | 000,005,587 | ---- | C] () -- C:\Users\Nicole\P1010811.JPG
[2011/11/19 16:31:31 | 000,005,409 | ---- | C] () -- C:\Users\Nicole\P1010844.JPG
[2011/11/19 16:31:31 | 000,005,366 | ---- | C] () -- C:\Users\Nicole\P1010833.JPG
[2011/11/19 16:31:31 | 000,005,358 | ---- | C] () -- C:\Users\Nicole\P1010823.JPG
[2011/11/19 16:31:31 | 000,005,353 | ---- | C] () -- C:\Users\Nicole\P1010835.JPG
[2011/11/19 16:31:31 | 000,005,247 | ---- | C] () -- C:\Users\Nicole\P1010812.JPG
[2011/11/19 16:31:31 | 000,005,206 | ---- | C] () -- C:\Users\Nicole\P1010845.JPG
[2011/11/19 16:31:31 | 000,005,133 | ---- | C] () -- C:\Users\Nicole\P1010830.JPG
[2011/11/19 16:31:31 | 000,005,107 | ---- | C] () -- C:\Users\Nicole\P1010806.JPG
[2011/11/19 16:31:31 | 000,005,089 | ---- | C] () -- C:\Users\Nicole\P1010825.JPG
[2011/11/19 16:31:31 | 000,005,061 | ---- | C] () -- C:\Users\Nicole\P1010837.JPG
[2011/11/19 16:31:31 | 000,005,040 | ---- | C] () -- C:\Users\Nicole\P1010836.JPG
[2011/11/19 16:31:31 | 000,005,017 | ---- | C] () -- C:\Users\Nicole\P1010838.JPG
[2011/11/19 16:31:31 | 000,005,001 | ---- | C] () -- C:\Users\Nicole\P1010834.JPG
[2011/11/19 16:31:31 | 000,004,893 | ---- | C] () -- C:\Users\Nicole\P1010859.JPG
[2011/11/19 16:31:31 | 000,004,884 | ---- | C] () -- C:\Users\Nicole\P1010828.JPG
[2011/11/19 16:31:31 | 000,004,850 | ---- | C] () -- C:\Users\Nicole\P1010805.JPG
[2011/11/19 16:31:31 | 000,004,849 | ---- | C] () -- C:\Users\Nicole\P1010829.JPG
[2011/11/19 16:31:31 | 000,004,816 | ---- | C] () -- C:\Users\Nicole\P1010810.JPG
[2011/11/19 16:31:31 | 000,004,756 | ---- | C] () -- C:\Users\Nicole\P1010807.JPG
[2011/11/19 16:31:31 | 000,004,701 | ---- | C] () -- C:\Users\Nicole\P1010831.JPG
[2011/11/19 16:31:31 | 000,004,689 | ---- | C] () -- C:\Users\Nicole\P1010817.JPG
[2011/11/19 16:31:31 | 000,004,530 | ---- | C] () -- C:\Users\Nicole\P1010818.JPG
[2011/11/19 16:31:31 | 000,004,503 | ---- | C] () -- C:\Users\Nicole\P1010795.JPG
[2011/11/19 16:31:31 | 000,004,502 | ---- | C] () -- C:\Users\Nicole\P1010794.JPG
[2011/11/19 16:31:31 | 000,004,493 | ---- | C] () -- C:\Users\Nicole\P1010819.JPG
[2011/11/19 16:31:31 | 000,004,488 | ---- | C] () -- C:\Users\Nicole\P1010826.JPG
[2011/11/19 16:31:31 | 000,004,434 | ---- | C] () -- C:\Users\Nicole\P1010821.JPG
[2011/11/19 16:31:31 | 000,004,417 | ---- | C] () -- C:\Users\Nicole\P1010824.JPG
[2011/11/19 16:31:31 | 000,004,396 | ---- | C] () -- C:\Users\Nicole\P1010827.JPG
[2011/11/19 16:31:31 | 000,004,363 | ---- | C] () -- C:\Users\Nicole\P1010862.JPG
[2011/11/19 16:31:31 | 000,004,295 | ---- | C] () -- C:\Users\Nicole\P1010820.JPG
[2011/11/19 16:31:31 | 000,004,278 | ---- | C] () -- C:\Users\Nicole\P1010853.JPG
[2011/11/19 16:31:31 | 000,004,275 | ---- | C] () -- C:\Users\Nicole\P1010798.JPG
[2011/11/19 16:31:31 | 000,004,272 | ---- | C] () -- C:\Users\Nicole\P1010852.JPG
[2011/11/19 16:31:31 | 000,004,239 | ---- | C] () -- C:\Users\Nicole\P1010832.JPG
[2011/11/19 16:31:31 | 000,004,130 | ---- | C] () -- C:\Users\Nicole\P1010860.JPG
[2011/11/19 16:31:31 | 000,004,099 | ---- | C] () -- C:\Users\Nicole\P1010816.JPG
[2011/11/19 16:31:31 | 000,004,080 | ---- | C] () -- C:\Users\Nicole\P1010854.JPG
[2011/11/19 16:31:31 | 000,004,036 | ---- | C] () -- C:\Users\Nicole\P1010842.JPG
[2011/11/19 16:31:31 | 000,004,016 | ---- | C] () -- C:\Users\Nicole\P1010797.JPG
[2011/11/19 16:31:31 | 000,003,920 | ---- | C] () -- C:\Users\Nicole\P1010851.JPG
[2011/11/19 16:31:31 | 000,003,867 | ---- | C] () -- C:\Users\Nicole\P1010856.JPG
[2011/11/19 16:31:31 | 000,003,860 | ---- | C] () -- C:\Users\Nicole\P1010863.JPG
[2011/11/19 16:31:31 | 000,003,818 | ---- | C] () -- C:\Users\Nicole\P1010801.JPG
[2011/11/19 16:31:31 | 000,003,740 | ---- | C] () -- C:\Users\Nicole\P1010808.JPG
[2011/11/19 16:31:31 | 000,003,702 | ---- | C] () -- C:\Users\Nicole\P1010858.JPG
[2011/11/19 16:31:31 | 000,003,674 | ---- | C] () -- C:\Users\Nicole\P1010847.JPG
[2011/11/19 16:31:31 | 000,003,671 | ---- | C] () -- C:\Users\Nicole\P1010850.JPG
[2011/11/19 16:31:31 | 000,003,658 | ---- | C] () -- C:\Users\Nicole\P1010803.JPG
[2011/11/19 16:31:31 | 000,003,618 | ---- | C] () -- C:\Users\Nicole\P1010814.JPG
[2011/11/19 16:31:31 | 000,003,594 | ---- | C] () -- C:\Users\Nicole\P1010799.JPG
[2011/11/19 16:31:31 | 000,003,580 | ---- | C] () -- C:\Users\Nicole\P1010849.JPG
[2011/11/19 16:31:31 | 000,003,520 | ---- | C] () -- C:\Users\Nicole\P1010809.JPG
[2011/11/19 16:31:31 | 000,003,519 | ---- | C] () -- C:\Users\Nicole\P1010839.JPG
[2011/11/19 16:31:31 | 000,003,435 | ---- | C] () -- C:\Users\Nicole\P1010800.JPG
[2011/11/19 16:31:31 | 000,003,385 | ---- | C] () -- C:\Users\Nicole\P1010857.JPG
[2011/11/19 16:31:31 | 000,003,373 | ---- | C] () -- C:\Users\Nicole\P1010841.JPG
[2011/11/19 16:31:31 | 000,003,342 | ---- | C] () -- C:\Users\Nicole\P1010804.JPG
[2011/11/19 16:31:31 | 000,003,303 | ---- | C] () -- C:\Users\Nicole\P1010796.JPG
[2011/11/19 16:31:31 | 000,003,282 | ---- | C] () -- C:\Users\Nicole\P1010848.JPG
[2011/11/19 16:31:31 | 000,003,281 | ---- | C] () -- C:\Users\Nicole\P1010802.JPG
[2011/11/19 16:31:31 | 000,003,272 | ---- | C] () -- C:\Users\Nicole\P1010840.JPG
[2011/11/19 16:31:31 | 000,003,234 | ---- | C] () -- C:\Users\Nicole\P1010855.JPG
[2011/11/19 16:31:31 | 000,003,131 | ---- | C] () -- C:\Users\Nicole\P1010815.JPG
[2011/11/19 16:31:31 | 000,003,030 | ---- | C] () -- C:\Users\Nicole\P1010822.JPG
[2011/11/19 16:31:30 | 000,005,865 | ---- | C] () -- C:\Users\Nicole\P1010775.JPG
[2011/11/19 16:31:30 | 000,005,655 | ---- | C] () -- C:\Users\Nicole\P1010774.JPG
[2011/11/19 16:31:30 | 000,005,341 | ---- | C] () -- C:\Users\Nicole\P1010784.JPG
[2011/11/19 16:31:30 | 000,005,146 | ---- | C] () -- C:\Users\Nicole\P1010776.JPG
[2011/11/19 16:31:30 | 000,005,133 | ---- | C] () -- C:\Users\Nicole\P1010783.JPG
[2011/11/19 16:31:30 | 000,005,118 | ---- | C] () -- C:\Users\Nicole\P1010736.JPG
[2011/11/19 16:31:30 | 000,004,944 | ---- | C] () -- C:\Users\Nicole\P1010770.JPG
[2011/11/19 16:31:30 | 000,004,838 | ---- | C] () -- C:\Users\Nicole\P1010777.JPG
[2011/11/19 16:31:30 | 000,004,835 | ---- | C] () -- C:\Users\Nicole\P1010772.JPG
[2011/11/19 16:31:30 | 000,004,830 | ---- | C] () -- C:\Users\Nicole\P1010734.JPG
[2011/11/19 16:31:30 | 000,004,828 | ---- | C] () -- C:\Users\Nicole\P1010727.JPG
[2011/11/19 16:31:30 | 000,004,765 | ---- | C] () -- C:\Users\Nicole\P1010766.JPG
[2011/11/19 16:31:30 | 000,004,722 | ---- | C] () -- C:\Users\Nicole\P1010771.JPG
[2011/11/19 16:31:30 | 000,004,696 | ---- | C] () -- C:\Users\Nicole\P1010741.JPG
[2011/11/19 16:31:30 | 000,004,693 | ---- | C] () -- C:\Users\Nicole\P1010735.JPG
[2011/11/19 16:31:30 | 000,004,578 | ---- | C] () -- C:\Users\Nicole\P1010778.JPG
[2011/11/19 16:31:30 | 000,004,559 | ---- | C] () -- C:\Users\Nicole\P1010745.JPG
[2011/11/19 16:31:30 | 000,004,558 | ---- | C] () -- C:\Users\Nicole\P1010764.JPG
[2011/11/19 16:31:30 | 000,004,552 | ---- | C] () -- C:\Users\Nicole\P1010726.JPG
[2011/11/19 16:31:30 | 000,004,551 | ---- | C] () -- C:\Users\Nicole\P1010782.JPG
[2011/11/19 16:31:30 | 000,004,496 | ---- | C] () -- C:\Users\Nicole\P1010779.JPG
[2011/11/19 16:31:30 | 000,004,489 | ---- | C] () -- C:\Users\Nicole\P1010739.JPG
[2011/11/19 16:31:30 | 000,004,462 | ---- | C] () -- C:\Users\Nicole\P1010768.JPG
[2011/11/19 16:31:30 | 000,004,455 | ---- | C] () -- C:\Users\Nicole\P1010744.JPG
[2011/11/19 16:31:30 | 000,004,451 | ---- | C] () -- C:\Users\Nicole\P1010763.JPG
[2011/11/19 16:31:30 | 000,004,440 | ---- | C] () -- C:\Users\Nicole\P1010728.JPG
[2011/11/19 16:31:30 | 000,004,404 | ---- | C] () -- C:\Users\Nicole\P1010780.JPG
[2011/11/19 16:31:30 | 000,004,403 | ---- | C] () -- C:\Users\Nicole\P1010765.JPG
[2011/11/19 16:31:30 | 000,004,403 | ---- | C] () -- C:\Users\Nicole\P1010732.JPG
[2011/11/19 16:31:30 | 000,004,400 | ---- | C] () -- C:\Users\Nicole\P1010791.JPG
[2011/11/19 16:31:30 | 000,004,397 | ---- | C] () -- C:\Users\Nicole\P1010767.JPG
[2011/11/19 16:31:30 | 000,004,377 | ---- | C] () -- C:\Users\Nicole\P1010781.JPG
[2011/11/19 16:31:30 | 000,004,375 | ---- | C] () -- C:\Users\Nicole\P1010725.JPG
[2011/11/19 16:31:30 | 000,004,371 | ---- | C] () -- C:\Users\Nicole\P1010759.JPG
[2011/11/19 16:31:30 | 000,004,335 | ---- | C] () -- C:\Users\Nicole\P1010742.JPG
[2011/11/19 16:31:30 | 000,004,240 | ---- | C] () -- C:\Users\Nicole\P1010769.JPG
[2011/11/19 16:31:30 | 000,004,179 | ---- | C] () -- C:\Users\Nicole\P1010737.JPG
[2011/11/19 16:31:30 | 000,004,172 | ---- | C] () -- C:\Users\Nicole\P1010738.JPG
[2011/11/19 16:31:30 | 000,004,123 | ---- | C] () -- C:\Users\Nicole\P1010792.JPG
[2011/11/19 16:31:30 | 000,004,117 | ---- | C] () -- C:\Users\Nicole\P1010790.JPG
[2011/11/19 16:31:30 | 000,004,098 | ---- | C] () -- C:\Users\Nicole\P1010743.JPG
[2011/11/19 16:31:30 | 000,004,087 | ---- | C] () -- C:\Users\Nicole\P1010785.JPG
[2011/11/19 16:31:30 | 000,003,988 | ---- | C] () -- C:\Users\Nicole\P1010733.JPG
[2011/11/19 16:31:30 | 000,003,960 | ---- | C] () -- C:\Users\Nicole\P1010730.JPG
[2011/11/19 16:31:30 | 000,003,914 | ---- | C] () -- C:\Users\Nicole\P1010789.JPG
[2011/11/19 16:31:30 | 000,003,910 | ---- | C] () -- C:\Users\Nicole\P1010787.JPG
[2011/11/19 16:31:30 | 000,003,877 | ---- | C] () -- C:\Users\Nicole\P1010731.JPG
[2011/11/19 16:31:30 | 000,003,826 | ---- | C] () -- C:\Users\Nicole\P1010723.JPG
[2011/11/19 16:31:30 | 000,003,770 | ---- | C] () -- C:\Users\Nicole\P1010758.JPG
[2011/11/19 16:31:30 | 000,003,743 | ---- | C] () -- C:\Users\Nicole\P1010760.JPG
[2011/11/19 16:31:30 | 000,003,730 | ---- | C] () -- C:\Users\Nicole\P1010729.JPG
[2011/11/19 16:31:30 | 000,003,649 | ---- | C] () -- C:\Users\Nicole\P1010751.JPG
[2011/11/19 16:31:30 | 000,003,613 | ---- | C] () -- C:\Users\Nicole\P1010757.JPG
[2011/11/19 16:31:30 | 000,003,611 | ---- | C] () -- C:\Users\Nicole\P1010773.JPG
[2011/11/19 16:31:30 | 000,003,586 | ---- | C] () -- C:\Users\Nicole\P1010724.JPG
[2011/11/19 16:31:30 | 000,003,570 | ---- | C] () -- C:\Users\Nicole\P1010748.JPG
[2011/11/19 16:31:30 | 000,003,551 | ---- | C] () -- C:\Users\Nicole\P1010786.JPG
[2011/11/19 16:31:30 | 000,003,514 | ---- | C] () -- C:\Users\Nicole\P1010746.JPG
[2011/11/19 16:31:30 | 000,003,484 | ---- | C] () -- C:\Users\Nicole\P1010756.JPG
[2011/11/19 16:31:30 | 000,003,395 | ---- | C] () -- C:\Users\Nicole\P1010762.JPG
[2011/11/19 16:31:30 | 000,003,361 | ---- | C] () -- C:\Users\Nicole\P1010793.JPG
[2011/11/19 16:31:30 | 000,003,330 | ---- | C] () -- C:\Users\Nicole\P1010761.JPG
[2011/11/19 16:31:30 | 000,003,219 | ---- | C] () -- C:\Users\Nicole\P1010722.JPG
[2011/11/19 16:31:30 | 000,003,051 | ---- | C] () -- C:\Users\Nicole\P1010755.JPG
[2011/11/19 16:31:30 | 000,003,027 | ---- | C] () -- C:\Users\Nicole\P1010740.JPG
[2011/11/19 16:31:30 | 000,003,017 | ---- | C] () -- C:\Users\Nicole\P1010753.JPG
[2011/11/19 16:31:30 | 000,003,016 | ---- | C] () -- C:\Users\Nicole\P1010788.JPG
[2011/11/19 16:31:30 | 000,002,945 | ---- | C] () -- C:\Users\Nicole\P1010749.JPG
[2011/11/19 16:31:30 | 000,002,837 | ---- | C] () -- C:\Users\Nicole\P1010750.JPG
[2011/11/19 16:31:30 | 000,002,757 | ---- | C] () -- C:\Users\Nicole\P1010747.JPG
[2011/11/19 16:31:30 | 000,002,603 | ---- | C] () -- C:\Users\Nicole\P1010752.JPG
[2011/11/19 16:31:30 | 000,001,953 | ---- | C] () -- C:\Users\Nicole\P1010754.JPG
[2011/11/19 16:31:29 | 005,041,560 | ---- | C] () -- C:\Users\Nicole\P1010687.JPG
[2011/11/19 16:31:29 | 000,006,220 | ---- | C] () -- C:\Users\Nicole\P1010696.JPG
[2011/11/19 16:31:29 | 000,006,158 | ---- | C] () -- C:\Users\Nicole\P1010700.JPG
[2011/11/19 16:31:29 | 000,006,122 | ---- | C] () -- C:\Users\Nicole\P1010697.JPG
[2011/11/19 16:31:29 | 000,006,073 | ---- | C] () -- C:\Users\Nicole\P1010707.JPG
[2011/11/19 16:31:29 | 000,006,032 | ---- | C] () -- C:\Users\Nicole\P1010698.JPG
[2011/11/19 16:31:29 | 000,006,018 | ---- | C] () -- C:\Users\Nicole\P1010702.JPG
[2011/11/19 16:31:29 | 000,006,009 | ---- | C] () -- C:\Users\Nicole\P1010703.JPG
[2011/11/19 16:31:29 | 000,005,909 | ---- | C] () -- C:\Users\Nicole\P1010688.JPG
[2011/11/19 16:31:29 | 000,005,905 | ---- | C] () -- C:\Users\Nicole\P1010701.JPG
[2011/11/19 16:31:29 | 000,005,866 | ---- | C] () -- C:\Users\Nicole\P1010705.JPG
[2011/11/19 16:31:29 | 000,005,786 | ---- | C] () -- C:\Users\Nicole\P1010699.JPG
[2011/11/19 16:31:29 | 000,005,711 | ---- | C] () -- C:\Users\Nicole\P1010695.JPG
[2011/11/19 16:31:29 | 000,005,657 | ---- | C] () -- C:\Users\Nicole\P1010716.JPG
[2011/11/19 16:31:29 | 000,005,653 | ---- | C] () -- C:\Users\Nicole\P1010704.JPG
[2011/11/19 16:31:29 | 000,005,581 | ---- | C] () -- C:\Users\Nicole\P1010718.JPG
[2011/11/19 16:31:29 | 000,005,577 | ---- | C] () -- C:\Users\Nicole\P1010717.JPG
[2011/11/19 16:31:29 | 000,005,383 | ---- | C] () -- C:\Users\Nicole\P1010708.JPG
[2011/11/19 16:31:29 | 000,005,216 | ---- | C] () -- C:\Users\Nicole\P1010706.JPG
[2011/11/19 16:31:29 | 000,005,177 | ---- | C] () -- C:\Users\Nicole\P1010715.JPG
[2011/11/19 16:31:29 | 000,004,931 | ---- | C] () -- C:\Users\Nicole\P1010712.JPG
[2011/11/19 16:31:29 | 000,004,721 | ---- | C] () -- C:\Users\Nicole\P1010689.JPG
[2011/11/19 16:31:29 | 000,004,495 | ---- | C] () -- C:\Users\Nicole\P1010691.JPG
[2011/11/19 16:31:29 | 000,004,469 | ---- | C] () -- C:\Users\Nicole\P1010690.JPG
[2011/11/19 16:31:29 | 000,004,290 | ---- | C] () -- C:\Users\Nicole\P1010693.JPG
[2011/11/19 16:31:29 | 000,004,233 | ---- | C] () -- C:\Users\Nicole\P1010714.JPG
[2011/11/19 16:31:29 | 000,004,219 | ---- | C] () -- C:\Users\Nicole\P1010692.JPG
[2011/11/19 16:31:29 | 000,003,910 | ---- | C] () -- C:\Users\Nicole\P1010694.JPG
[2011/11/19 16:31:29 | 000,003,759 | ---- | C] () -- C:\Users\Nicole\P1010713.JPG
[2011/11/19 16:31:29 | 000,003,717 | ---- | C] () -- C:\Users\Nicole\P1010721.JPG
[2011/11/19 16:31:29 | 000,003,631 | ---- | C] () -- C:\Users\Nicole\P1010711.JPG
[2011/11/19 16:31:29 | 000,003,410 | ---- | C] () -- C:\Users\Nicole\P1010719.JPG
[2011/11/19 16:31:29 | 000,003,322 | ---- | C] () -- C:\Users\Nicole\P1010709.JPG
[2011/11/19 16:31:29 | 000,003,221 | ---- | C] () -- C:\Users\Nicole\P1010710.JPG
[2011/11/19 16:31:29 | 000,003,205 | ---- | C] () -- C:\Users\Nicole\P1010720.JPG
[2011/11/19 16:31:28 | 004,675,753 | ---- | C] () -- C:\Users\Nicole\P1010686.JPG
[2011/11/19 16:31:28 | 004,398,320 | ---- | C] () -- C:\Users\Nicole\P1010685.JPG
[2011/11/19 16:31:27 | 004,754,240 | ---- | C] () -- C:\Users\Nicole\P1010684.JPG
[2011/11/19 16:31:26 | 004,478,249 | ---- | C] () -- C:\Users\Nicole\P1010683.JPG
[2011/11/19 16:31:25 | 005,046,492 | ---- | C] () -- C:\Users\Nicole\P1010681.JPG
[2011/11/19 16:31:25 | 004,927,121 | ---- | C] () -- C:\Users\Nicole\P1010682.JPG
[2011/11/19 16:31:24 | 004,673,906 | ---- | C] () -- C:\Users\Nicole\P1010680.JPG
[2011/11/19 16:31:23 | 004,919,513 | ---- | C] () -- C:\Users\Nicole\P1010679.JPG
[2011/11/19 16:31:22 | 004,871,497 | ---- | C] () -- C:\Users\Nicole\P1010678.JPG
[2011/11/19 16:31:22 | 004,845,438 | ---- | C] () -- C:\Users\Nicole\P1010677.JPG
[2011/11/19 16:31:21 | 004,484,467 | ---- | C] () -- C:\Users\Nicole\P1010676.JPG
[2011/11/19 16:31:20 | 004,872,429 | ---- | C] () -- C:\Users\Nicole\P1010675.JPG
[2011/11/19 16:31:20 | 004,844,480 | ---- | C] () -- C:\Users\Nicole\P1010674.JPG
[2011/11/19 16:31:19 | 004,780,925 | ---- | C] () -- C:\Users\Nicole\P1010673.JPG
[2011/11/19 16:31:18 | 004,688,932 | ---- | C] () -- C:\Users\Nicole\P1010671.JPG
[2011/11/19 16:31:18 | 004,260,782 | ---- | C] () -- C:\Users\Nicole\P1010672.JPG
[2011/11/19 16:31:17 | 004,446,100 | ---- | C] () -- C:\Users\Nicole\P1010670.JPG
[2011/11/19 16:31:16 | 004,853,286 | ---- | C] () -- C:\Users\Nicole\P1010669.JPG
[2011/11/19 16:31:16 | 004,506,179 | ---- | C] () -- C:\Users\Nicole\P1010668.JPG
[2011/11/19 16:31:15 | 004,404,087 | ---- | C] () -- C:\Users\Nicole\P1010667.JPG
[2011/11/19 16:31:14 | 003,772,240 | ---- | C] () -- C:\Users\Nicole\P1010665.JPG
[2011/11/19 16:31:14 | 003,092,472 | ---- | C] () -- C:\Users\Nicole\P1010666.JPG
[2011/11/19 16:31:13 | 005,057,542 | ---- | C] () -- C:\Users\Nicole\P1010663.JPG
[2011/11/19 16:31:13 | 004,381,092 | ---- | C] () -- C:\Users\Nicole\P1010664.JPG
[2011/11/19 16:31:12 | 004,838,854 | ---- | C] () -- C:\Users\Nicole\P1010662.JPG
[2011/11/19 16:31:11 | 004,892,295 | ---- | C] () -- C:\Users\Nicole\P1010661.JPG
[2011/11/19 16:31:10 | 005,273,050 | ---- | C] () -- C:\Users\Nicole\P1010659.JPG
[2011/11/19 16:31:10 | 005,096,184 | ---- | C] () -- C:\Users\Nicole\P1010660.JPG
[2011/11/19 16:31:09 | 004,855,820 | ---- | C] () -- C:\Users\Nicole\P1010657.JPG
[2011/11/19 16:31:09 | 004,682,339 | ---- | C] () -- C:\Users\Nicole\P1010658.JPG
[2011/11/19 16:31:08 | 004,895,573 | ---- | C] () -- C:\Users\Nicole\P1010656.JPG
[2011/11/19 16:31:07 | 004,945,807 | ---- | C] () -- C:\Users\Nicole\P1010655.JPG
[2011/11/19 16:31:06 | 004,918,443 | ---- | C] () -- C:\Users\Nicole\P1010654.JPG
[2011/11/19 16:31:06 | 004,690,969 | ---- | C] () -- C:\Users\Nicole\P1010653.JPG
[2011/11/19 16:31:05 | 004,591,994 | ---- | C] () -- C:\Users\Nicole\P1010652.JPG
[2011/11/19 16:31:04 | 004,835,787 | ---- | C] () -- C:\Users\Nicole\P1010651.JPG
[2011/11/19 16:31:04 | 004,419,261 | ---- | C] () -- C:\Users\Nicole\P1010650.JPG
[2011/11/19 16:31:03 | 004,733,049 | ---- | C] () -- C:\Users\Nicole\P1010649.JPG
[2011/11/19 16:31:02 | 005,288,032 | ---- | C] () -- C:\Users\Nicole\P1010648.JPG
[2011/11/19 16:31:02 | 005,031,135 | ---- | C] () -- C:\Users\Nicole\P1010647.JPG
[2011/11/19 16:31:01 | 003,658,157 | ---- | C] () -- C:\Users\Nicole\P1010646.JPG
[2011/11/19 16:31:00 | 004,130,869 | ---- | C] () -- C:\Users\Nicole\P1010645.JPG
[2011/11/19 16:31:00 | 003,477,303 | ---- | C] () -- C:\Users\Nicole\P1010644.JPG
[2011/11/19 16:30:59 | 004,311,757 | ---- | C] () -- C:\Users\Nicole\P1010643.JPG
[2011/11/19 16:30:58 | 004,645,226 | ---- | C] () -- C:\Users\Nicole\P1010641.JPG
[2011/11/19 16:30:58 | 003,735,889 | ---- | C] () -- C:\Users\Nicole\P1010642.JPG
[2011/11/19 16:30:57 | 004,464,254 | ---- | C] () -- C:\Users\Nicole\P1010639.JPG
[2011/11/19 16:30:57 | 004,446,964 | ---- | C] () -- C:\Users\Nicole\P1010640.JPG
[2011/11/19 16:30:56 | 004,406,701 | ---- | C] () -- C:\Users\Nicole\P1010638.JPG
[2011/11/19 16:30:55 | 004,475,894 | ---- | C] () -- C:\Users\Nicole\P1010636.JPG
[2011/11/19 16:30:55 | 004,397,074 | ---- | C] () -- C:\Users\Nicole\P1010637.JPG
[2011/11/19 16:30:54 | 003,914,174 | ---- | C] () -- C:\Users\Nicole\P1010635.JPG
[2011/11/19 16:30:53 | 004,849,106 | ---- | C] () -- C:\Users\Nicole\P1010633.JPG
[2011/11/19 16:30:53 | 004,451,616 | ---- | C] () -- C:\Users\Nicole\P1010634.JPG
[2011/11/19 16:30:52 | 004,275,147 | ---- | C] () -- C:\Users\Nicole\P1010632.JPG
[2011/11/19 16:30:51 | 004,302,484 | ---- | C] () -- C:\Users\Nicole\P1010631.JPG
[2011/11/19 16:30:51 | 004,301,215 | ---- | C] () -- C:\Users\Nicole\P1010630.JPG
[2011/11/19 16:30:50 | 004,702,516 | ---- | C] () -- C:\Users\Nicole\P1010629.JPG
[2011/11/19 16:30:49 | 005,150,644 | ---- | C] () -- C:\Users\Nicole\P1010628.JPG
[2011/11/19 16:30:48 | 004,774,944 | ---- | C] () -- C:\Users\Nicole\P1010627.JPG
[2011/11/19 16:30:48 | 004,520,301 | ---- | C] () -- C:\Users\Nicole\P1010626.JPG
[2011/11/19 16:30:47 | 004,392,444 | ---- | C] () -- C:\Users\Nicole\P1010625.JPG
[2011/11/19 16:30:46 | 004,502,882 | ---- | C] () -- C:\Users\Nicole\P1010623.JPG
[2011/11/19 16:30:46 | 004,186,384 | ---- | C] () -- C:\Users\Nicole\P1010624.JPG
[2011/11/19 16:30:45 | 004,495,400 | ---- | C] () -- C:\Users\Nicole\P1010622.JPG
[2011/11/19 16:30:44 | 004,747,191 | ---- | C] () -- C:\Users\Nicole\P1010620.JPG
[2011/11/19 16:30:44 | 004,734,142 | ---- | C] () -- C:\Users\Nicole\P1010621.JPG
[2011/11/19 16:30:43 | 004,682,807 | ---- | C] () -- C:\Users\Nicole\P1010618.JPG
[2011/11/19 16:30:43 | 004,607,416 | ---- | C] () -- C:\Users\Nicole\P1010619.JPG
[2011/11/19 16:30:42 | 004,940,614 | ---- | C] () -- C:\Users\Nicole\P1010617.JPG
[2011/11/19 16:30:41 | 004,909,961 | ---- | C] () -- C:\Users\Nicole\P1010616.JPG
[2011/11/19 16:30:41 | 004,758,283 | ---- | C] () -- C:\Users\Nicole\P1010615.JPG
[2011/11/19 16:30:40 | 004,166,526 | ---- | C] () -- C:\Users\Nicole\P1010614.JPG
[2011/11/19 16:30:39 | 004,758,232 | ---- | C] () -- C:\Users\Nicole\P1010612.JPG
[2011/11/19 16:30:39 | 004,369,310 | ---- | C] () -- C:\Users\Nicole\P1010613.JPG
[2011/11/19 16:30:38 | 004,163,365 | ---- | C] () -- C:\Users\Nicole\P1010611.JPG
[2011/11/19 16:30:37 | 004,980,182 | ---- | C] () -- C:\Users\Nicole\P1010609.JPG
[2011/11/19 16:30:37 | 004,449,843 | ---- | C] () -- C:\Users\Nicole\P1010610.JPG
[2011/11/19 16:30:36 | 004,388,915 | ---- | C] () -- C:\Users\Nicole\P1010608.JPG
[2011/11/19 16:30:36 | 004,273,359 | ---- | C] () -- C:\Users\Nicole\P1010607.JPG
[2011/11/19 16:30:35 | 004,520,270 | ---- | C] () -- C:\Users\Nicole\P1010606.JPG
[2011/11/19 16:30:34 | 004,492,142 | ---- | C] () -- C:\Users\Nicole\P1010605.JPG
[2011/11/19 16:30:34 | 004,433,551 | ---- | C] () -- C:\Users\Nicole\P1010604.JPG
[2011/11/19 16:30:33 | 004,236,015 | ---- | C] () -- C:\Users\Nicole\P1010603.JPG
[2011/11/19 16:30:32 | 004,483,858 | ---- | C] () -- C:\Users\Nicole\P1010601.JPG
[2011/11/19 16:30:32 | 004,253,956 | ---- | C] () -- C:\Users\Nicole\P1010602.JPG
[2011/11/19 16:30:31 | 004,480,308 | ---- | C] () -- C:\Users\Nicole\P1010600.JPG
[2011/11/19 16:30:30 | 004,460,701 | ---- | C] () -- C:\Users\Nicole\P1010599.JPG
[2011/11/19 16:30:30 | 004,457,266 | ---- | C] () -- C:\Users\Nicole\P1010598.JPG
[2011/11/19 16:30:29 | 004,503,551 | ---- | C] () -- C:\Users\Nicole\P1010597.JPG
[2011/11/19 16:30:28 | 004,437,858 | ---- | C] () -- C:\Users\Nicole\P1010596.JPG
[2011/11/19 16:30:28 | 004,392,099 | ---- | C] () -- C:\Users\Nicole\P1010595.JPG
[2011/11/19 16:30:27 | 004,469,382 | ---- | C] () -- C:\Users\Nicole\P1010594.JPG
[2011/11/19 16:30:26 | 004,731,636 | ---- | C] () -- C:\Users\Nicole\P1010592.JPG
[2011/11/19 16:30:26 | 004,560,527 | ---- | C] () -- C:\Users\Nicole\P1010593.JPG
[2011/11/19 16:30:25 | 004,649,108 | ---- | C] () -- C:\Users\Nicole\P1010591.JPG
[2011/11/19 16:30:24 | 004,747,209 | ---- | C] () -- C:\Users\Nicole\P1010590.JPG
[2011/11/19 16:30:24 | 004,580,771 | ---- | C] () -- C:\Users\Nicole\P1010589.JPG
[2011/11/19 16:30:23 | 004,642,782 | ---- | C] () -- C:\Users\Nicole\P1010588.JPG
[2011/11/19 16:30:22 | 004,602,005 | ---- | C] () -- C:\Users\Nicole\P1010587.JPG
[2011/11/19 16:30:22 | 004,398,506 | ---- | C] () -- C:\Users\Nicole\P1010586.JPG
[2011/11/19 16:30:21 | 004,721,822 | ---- | C] () -- C:\Users\Nicole\P1010585.JPG
[2011/11/19 16:30:20 | 004,663,321 | ---- | C] () -- C:\Users\Nicole\P1010584.JPG
[2011/11/19 16:30:20 | 004,178,828 | ---- | C] () -- C:\Users\Nicole\P1010583.JPG
[2011/11/19 16:30:19 | 004,510,588 | ---- | C] () -- C:\Users\Nicole\P1010582.JPG
[2011/11/19 16:30:19 | 004,399,145 | ---- | C] () -- C:\Users\Nicole\P1010581.JPG
[2011/11/19 16:30:18 | 004,646,131 | ---- | C] () -- C:\Users\Nicole\P1010580.JPG
[2011/11/19 16:30:17 | 004,713,631 | ---- | C] () -- C:\Users\Nicole\P1010579.JPG
[2011/11/19 16:30:17 | 004,593,978 | ---- | C] () -- C:\Users\Nicole\P1010578.JPG
[2011/11/19 16:30:16 | 004,607,214 | ---- | C] () -- C:\Users\Nicole\P1010577.JPG
[2011/11/19 16:30:15 | 004,592,109 | ---- | C] () -- C:\Users\Nicole\P1010575.JPG
[2011/11/19 16:30:15 | 004,236,101 | ---- | C] () -- C:\Users\Nicole\P1010576.JPG
[2011/11/19 16:30:14 | 004,776,601 | ---- | C] () -- C:\Users\Nicole\P1010570.JPG
[2011/11/19 16:30:14 | 004,589,177 | ---- | C] () -- C:\Users\Nicole\P1010573.JPG
[2011/11/19 16:30:14 | 004,499,172 | ---- | C] () -- C:\Users\Nicole\P1010574.JPG
[2011/11/19 16:30:14 | 004,405,122 | ---- | C] () -- C:\Users\Nicole\P1010572.JPG
[2011/11/19 16:30:14 | 004,393,823 | ---- | C] () -- C:\Users\Nicole\P1010571.JPG
[2011/11/19 16:30:13 | 004,670,043 | ---- | C] () -- C:\Users\Nicole\P1010564.JPG
[2011/11/19 16:30:13 | 004,536,811 | ---- | C] () -- C:\Users\Nicole\P1010563.JPG
[2011/11/19 16:30:13 | 004,532,147 | ---- | C] () -- C:\Users\Nicole\P1010568.JPG
[2011/11/19 16:30:13 | 004,526,667 | ---- | C] () -- C:\Users\Nicole\P1010569.JPG
[2011/11/19 16:30:13 | 004,512,997 | ---- | C] () -- C:\Users\Nicole\P1010567.JPG
[2011/11/19 16:30:13 | 004,427,124 | ---- | C] () -- C:\Users\Nicole\P1010561.JPG
[2011/11/19 16:30:13 | 004,402,685 | ---- | C] () -- C:\Users\Nicole\P1010566.JPG
[2011/11/19 16:30:13 | 004,349,909 | ---- | C] () -- C:\Users\Nicole\P1010562.JPG
[2011/11/19 16:30:13 | 004,282,582 | ---- | C] () -- C:\Users\Nicole\P1010565.JPG
[2011/11/19 16:30:12 | 004,851,337 | ---- | C] () -- C:\Users\Nicole\P1010554.JPG
[2011/11/19 16:30:12 | 004,744,322 | ---- | C] () -- C:\Users\Nicole\P1010552.JPG
[2011/11/19 16:30:12 | 004,697,464 | ---- | C] () -- C:\Users\Nicole\P1010560.JPG
[2011/11/19 16:30:12 | 004,643,230 | ---- | C] () -- C:\Users\Nicole\P1010555.JPG
[2011/11/19 16:30:12 | 004,635,222 | ---- | C] () -- C:\Users\Nicole\P1010553.JPG
[2011/11/19 16:30:12 | 004,631,556 | ---- | C] () -- C:\Users\Nicole\P1010557.JPG
[2011/11/19 16:30:12 | 004,573,570 | ---- | C] () -- C:\Users\Nicole\P1010559.JPG
[2011/11/19 16:30:12 | 004,115,586 | ---- | C] () -- C:\Users\Nicole\P1010558.JPG
[2011/11/19 16:30:12 | 004,047,831 | ---- | C] () -- C:\Users\Nicole\P1010556.JPG
[2011/11/19 16:30:11 | 004,693,346 | ---- | C] () -- C:\Users\Nicole\P1010547.JPG
[2011/11/19 16:30:11 | 004,647,585 | ---- | C] () -- C:\Users\Nicole\P1010551.JPG
[2011/11/19 16:30:11 | 004,603,962 | ---- | C] () -- C:\Users\Nicole\P1010549.JPG
[2011/11/19 16:30:11 | 004,503,246 | ---- | C] () -- C:\Users\Nicole\P1010548.JPG
[2011/11/19 16:30:11 | 004,228,010 | ---- | C] () -- C:\Users\Nicole\P1010550.JPG
[2011/11/19 16:30:10 | 004,069,886 | ---- | C] () -- C:\Users\Nicole\P1010497.JPG
[2011/11/19 16:30:10 | 002,883,504 | ---- | C] () -- C:\Users\Nicole\P1010546.JPG
[2011/11/05 15:54:53 | 000,049,244 | ---- | C] () -- C:\Windows\System32\LXEFPMON.DLL
[2011/11/05 15:54:53 | 000,036,960 | ---- | C] () -- C:\Windows\System32\LXEFFXPU.DLL
[2011/11/05 15:54:33 | 004,669,440 | ---- | C] () -- C:\Windows\System32\LXEFoem.dll
[2011/11/05 15:51:14 | 000,025,088 | ---- | C] () -- C:\Windows\System32\LXEFsmr.dll
[2011/11/05 15:51:13 | 000,630,784 | ---- | C] () -- C:\Windows\System32\LXEFsm.dll
[2011/07/11 12:16:15 | 001,341,906 | ---- | C] () -- C:\Users\Nicole\Rock Climbing.jpg
[2011/05/18 18:26:53 | 000,001,940 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/01 10:51:40 | 000,000,867 | ---- | C] () -- C:\Users\Nicole\.recently-used.xbel
[2011/03/30 16:39:13 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/03/05 10:54:14 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\Wireless
[2011/02/11 17:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011/01/26 11:24:09 | 000,000,111 | ---- | C] () -- C:\Users\Nicole\webct_upload_applet.properties
[2010/10/01 13:21:03 | 000,206,374 | ---- | C] () -- C:\Users\Nicole\AppData\Local\debuggee.mdmp
[2010/09/03 16:40:08 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/03 16:40:08 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/03 16:40:08 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/03 16:40:08 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/03 16:40:08 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/03 16:40:08 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/03 16:40:08 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/03 16:40:08 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/03 16:40:08 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/03 16:40:08 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/09/03 16:40:08 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/03 16:40:08 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/03 16:40:08 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/03 16:40:08 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/03 16:40:08 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/03 16:40:08 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/09/03 16:40:08 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/09/03 16:40:08 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/03 16:40:08 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/07/20 15:09:14 | 000,000,680 | ---- | C] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2010/06/16 11:09:59 | 000,027,136 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 06:45:03 | 000,031,007 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\UserTile.png

========== LOP Check ==========

[2012/08/14 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\.minecraft
[2008/08/28 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\acccore
[2012/05/02 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\authorSTREAM
[2012/05/01 10:48:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Bigasoft Total Video Converter
[2009/05/30 19:54:47 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Canon
[2011/09/04 08:24:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Catalina Marketing Corp
[2010/02/11 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Clip Art Collection
[2009/09/23 08:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/08 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DAEMON Tools Lite
[2012/08/25 09:46:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DriverCure
[2012/05/01 12:41:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2012/05/01 12:37:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/06/13 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Facebook
[2010/03/23 21:34:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\FileZilla
[2009/07/06 12:00:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\GetRightToGo
[2011/05/01 10:51:40 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gtk-2.0
[2008/08/31 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Individual Software
[2009/02/27 07:06:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\InterVideo
[2011/03/29 09:01:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\KeePass
[2010/02/11 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Notepad++
[2011/03/22 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\OfficeRecovery
[2011/03/22 20:46:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\OfficeRecovery.e6af13ee
[2010/10/30 15:12:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Opera
[2010/06/16 11:04:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Panasonic
[2008/08/30 06:45:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PeerNetworking
[2012/08/26 15:00:05 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Qwiklinx
[2012/08/25 09:45:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SpeedyPC Software
[2012/02/12 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TaxCut
[2010/06/03 17:03:28 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Thunderbird
[2011/03/14 07:57:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Uniblue
[2012/05/02 11:30:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\VistaCodecs
[2012/08/26 14:47:16 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\WhiteSmoke
[2010/10/27 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Windows Live Writer
[2012/08/25 14:17:52 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/26 14:47:22 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 400 bytes -> C:\Users\Nicole\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm

Re: Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 27th, 2012, 6:28 pm

The below info is from the OTL.txt notepad info, however, I never saw a minimized "Extras.txt". Also want to point out that when i downloaded OTL, Norton popped up with a warning stating that I am one of very few people ever to download OTL. I obviously downloaded it anyway.


OTL logfile created on: 8/27/2012 6:11:24 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Nicole\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 42.91% Memory free
6.69 Gb Paging File | 4.45 Gb Available in Paging File | 66.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 447.70 Gb Total Space | 370.88 Gb Free Space | 82.84% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nicole\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Users\Nicole\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe ()
PRC - C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
PRC - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
MOD - C:\Program Files\WhiteSmoke\WSEngine.dll ()
MOD - C:\Program Files\Lenovo\VeriFace\IcnOvrly.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Services (SafeList) ==========

SRV - (FreemakeVideoCapture) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS File not found
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS File not found
DRV - (sxuptp) -- system32\DRIVERS\sxuptp.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\Users\Nicole\AppData\Local\Temp\mbr.sys File not found
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\RaInfo.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120827.001\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120827.001\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.005\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys (Symantec Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys (Symantec Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys (Symantec Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (ntdisk) -- C:\Windows\System32\drivers\ntdisk.sys ()
DRV - (VMC410) -- C:\Windows\System32\drivers\VMC410.sys (Vimicro Corporation)
DRV - (safnt) -- C:\Windows\System32\drivers\safnt.sys ()
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/sli ... 706&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/red ... 843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20120818223929736&tb_oid=18-08-2012&tb_mrud=18-08-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/sli ... 706&query={searchTerms}&invocationType=tb50trie7
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp= ... 3EFFBD6&q={searchTerms}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/red ... 843&query={searchTerms}&invocationType=tb50-ie-adknowledgeaol-chromesbox-en-us&tb_uuid=20120818223929736&tb_oid=18-08-2012&tb_mrud=18-08-2012
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPTB_en
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{BFA03550-B002-4B5B-93B3-1E30E7E6E311}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7GPTB_en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box&a=DgVfwupoIZ
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Nicole\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicole\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicole\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/11 17:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/25 14:25:51 | 000,000,000 | ---D | M]

[2012/01/29 11:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions
[2010/06/03 17:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/29 11:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/28 10:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/05 18:34:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 13:28:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 13:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 10:16:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/09 06:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/22 06:28:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/04 08:24:20 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - homepage: http://www.netvibes.com/privatepage/1#General
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.netvibes.com/privatepage/1#General
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/npcapture.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Webpage Screenshot Chrome Plugin (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\plugin/np.dll
CHR - plugin: Lightshot (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\1.4.0_0\npLightshot.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Nicole\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Nicole\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\
CHR - Extension: Google Drive = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.1_0\
CHR - Extension: Splendid = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: My Shortcuts = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcpobipejlbogodeiendpdgcdambjgo\2.6.1_0\
CHR - Extension: Cloud Reader = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\
CHR - Extension: YouTube = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Facebook = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Note Anywhere = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh\0.5.1_0\
CHR - Extension: Pixlr Grabber - Screen capture/image grabbing = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn\1.0_1\
CHR - Extension: Proofread Bot = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjnnmmjgjaaomkcjibnncokikbianjap\1_1\
CHR - Extension: Webpage Screenshot = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\
CHR - Extension: Google Search = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Apture = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppaadhnncohnjgallikmjdonfliciek\2.3.0_0\
CHR - Extension: PicMonkey = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.4_0\
CHR - Extension: Highlight to Search = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg\1.0.36_0\
CHR - Extension: Click&Clean = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: IE Tab = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.30.1_0\
CHR - Extension: Plugin helper for chrome = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0\
CHR - Extension: Google Share Button = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\idaeealfhcijmeigljaopafdapgijdcb\1.1.0.12_0\
CHR - Extension: iPiccy Photo Editor = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: Dictionary Lookup = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipdjaafajlfiopcppipdinmcjbcpofhd\4.3.1_0\
CHR - Extension: StumbleUpon = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.7.12.1_0\
CHR - Extension: Grammar and Spell Checker by Ginger = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh\0.1.0.67_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\2.8.1_1\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Google Mail Checker = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Springpad Extension = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0\
CHR - Extension: Gmail = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Mitto Password Manager = C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkoloponjbmmlpligfeffepebbkmken\0.7_0\

O1 HOSTS File: ([2009/11/17 19:29:38 | 000,000,049 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (VideoFileDownload) - {625F420E-A4A9-4B40-BC23-716C1C43893A} - C:\Program Files\OApps\bho.dll (VideoFileDownload)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E)" -"http://www.miniclip.com/games/masters-of-wrestling/en/webgame.php" File not found
O4 - HKCU..\RunOnce: [WhiteSmoke] C:\Program Files\WhiteSmoke\Uninstall_WhiteSmoke.exe ()
O4 - Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk = C:\Program Files\WhiteSmoke\WSEnrichment.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: exodusvipdesk.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vipdesk.com ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: PackageCab http://www.imgag.com/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5F3DAC4-07E6-4333-ACD2-6460FBD1EE7D}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{72f659eb-16e6-11df-b091-001e90a530f6}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{72f659eb-16e6-11df-b091-001e90a530f6}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{a0d412cd-1511-11df-b36f-001e90a530f6}\Shell - "" = AutoRun
O33 - MountPoints2\{a0d412cd-1511-11df-b36f-001e90a530f6}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 14:04:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/25 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\DriverCure
[2012/08/25 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SpeedyPC Software
[2012/08/25 09:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/08/25 09:44:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\SpeedyPC
[2012/08/25 07:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012/08/19 05:21:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\AOL Toolbar
[2012/08/18 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Zoom_Downloader
[2012/08/18 18:40:56 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\ShopToWin
[2012/08/18 18:40:49 | 000,000,000 | ---D | C] -- C:\extensions
[2012/08/18 18:40:46 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Qwiklinx
[2012/08/18 18:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2012/08/18 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar
[2012/08/18 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2012/08/18 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Documents\New Folder
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/27 17:51:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/27 17:51:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3404251217-2559953846-1342176442-1004UA.job
[2012/08/27 17:51:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/27 17:50:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/27 04:46:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 04:46:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 14:57:55 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3404251217-2559953846-1342176442-1004Core.job
[2012/08/26 14:47:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/26 14:47:24 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/26 14:47:22 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/25 13:46:05 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/25 06:13:29 | 000,000,038 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\mbam.context.scan
[2012/08/21 21:25:11 | 000,002,009 | ---- | M] () -- C:\Users\Nicole\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 21:25:10 | 000,002,047 | ---- | M] () -- C:\Users\Nicole\Desktop\Google Chrome.lnk
[2012/08/16 03:31:57 | 002,589,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 12:28:40 | 000,000,495 | ---- | M] () -- C:\Users\Nicole\Desktop\server.properties
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 09:45:21 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/08/25 06:13:29 | 000,000,038 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\mbam.context.scan
[2012/07/17 18:38:13 | 000,000,220 | ---- | C] () -- C:\Windows\WinInit.Ini
[2012/02/12 16:36:32 | 000,065,780 | ---- | C] () -- C:\Users\Nicole\Michael Rubin 2011 Tax Return..T11
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/01/28 12:12:40 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/02 14:58:13 | 000,000,942 | ---- | C] () -- C:\ProgramData\5484catsverfile.xml
[2012/01/02 14:28:08 | 000,000,942 | ---- | C] () -- C:\ProgramData\32368catsverfile.xml
[2011/12/30 13:35:17 | 000,000,942 | ---- | C] () -- C:\ProgramData\27543catsverfile.xml
[2011/12/30 13:33:08 | 000,000,942 | ---- | C] () -- C:\ProgramData\27098catsverfile.xml
[2011/12/30 13:17:28 | 000,000,942 | ---- | C] () -- C:\ProgramData\24052catsverfile.xml
[2011/12/30 11:18:45 | 000,000,942 | ---- | C] () -- C:\ProgramData\781catsverfile.xml
[2011/11/19 16:31:34 | 000,006,571 | ---- | C] () -- C:\Users\Nicole\P1010971.JPG
[2011/11/19 16:31:34 | 000,006,207 | ---- | C] () -- C:\Users\Nicole\P1010973.JPG
[2011/11/19 16:31:34 | 000,006,162 | ---- | C] () -- C:\Users\Nicole\P1010972.JPG
[2011/11/19 16:31:34 | 000,006,065 | ---- | C] () -- C:\Users\Nicole\P1010974.JPG
[2011/11/19 16:31:34 | 000,006,055 | ---- | C] () -- C:\Users\Nicole\P1010965.JPG
[2011/11/19 16:31:34 | 000,005,877 | ---- | C] () -- C:\Users\Nicole\P1010964.JPG
[2011/11/19 16:31:34 | 000,005,548 | ---- | C] () -- C:\Users\Nicole\P1010968.JPG
[2011/11/19 16:31:34 | 000,005,477 | ---- | C] () -- C:\Users\Nicole\P1010969.JPG
[2011/11/19 16:31:34 | 000,005,241 | ---- | C] () -- C:\Users\Nicole\P1010975.JPG
[2011/11/19 16:31:34 | 000,004,983 | ---- | C] () -- C:\Users\Nicole\P1010967.JPG
[2011/11/19 16:31:34 | 000,004,892 | ---- | C] () -- C:\Users\Nicole\P1010970.JPG
[2011/11/19 16:31:34 | 000,004,850 | ---- | C] () -- C:\Users\Nicole\P1010962.JPG
[2011/11/19 16:31:34 | 000,004,840 | ---- | C] () -- C:\Users\Nicole\P1010976.JPG
[2011/11/19 16:31:34 | 000,004,835 | ---- | C] () -- C:\Users\Nicole\P1010966.JPG
[2011/11/19 16:31:34 | 000,004,818 | ---- | C] () -- C:\Users\Nicole\P1010963.JPG
[2011/11/19 16:31:34 | 000,004,552 | ---- | C] () -- C:\Users\Nicole\P1010953.JPG
[2011/11/19 16:31:34 | 000,004,537 | ---- | C] () -- C:\Users\Nicole\P1010978.JPG
[2011/11/19 16:31:34 | 000,004,420 | ---- | C] () -- C:\Users\Nicole\P1010956.JPG
[2011/11/19 16:31:34 | 000,004,255 | ---- | C] () -- C:\Users\Nicole\P1010955.JPG
[2011/11/19 16:31:34 | 000,004,221 | ---- | C] () -- C:\Users\Nicole\P1010977.JPG
[2011/11/19 16:31:34 | 000,004,178 | ---- | C] () -- C:\Users\Nicole\P1010958.JPG
[2011/11/19 16:31:34 | 000,004,165 | ---- | C] () -- C:\Users\Nicole\P1010951.JPG
[2011/11/19 16:31:34 | 000,004,037 | ---- | C] () -- C:\Users\Nicole\P1010950.JPG
[2011/11/19 16:31:34 | 000,004,000 | ---- | C] () -- C:\Users\Nicole\P1010954.JPG
[2011/11/19 16:31:34 | 000,003,997 | ---- | C] () -- C:\Users\Nicole\P1010959.JPG
[2011/11/19 16:31:34 | 000,003,993 | ---- | C] () -- C:\Users\Nicole\P1010979.JPG
[2011/11/19 16:31:34 | 000,003,955 | ---- | C] () -- C:\Users\Nicole\P1010952.JPG
[2011/11/19 16:31:34 | 000,003,908 | ---- | C] () -- C:\Users\Nicole\P1010984.JPG
[2011/11/19 16:31:34 | 000,003,877 | ---- | C] () -- C:\Users\Nicole\P1010957.JPG
[2011/11/19 16:31:34 | 000,003,861 | ---- | C] () -- C:\Users\Nicole\P1010961.JPG
[2011/11/19 16:31:34 | 000,003,764 | ---- | C] () -- C:\Users\Nicole\P1010983.JPG
[2011/11/19 16:31:34 | 000,003,748 | ---- | C] () -- C:\Users\Nicole\P1010949.JPG
[2011/11/19 16:31:34 | 000,003,647 | ---- | C] () -- C:\Users\Nicole\P1010960.JPG
[2011/11/19 16:31:34 | 000,003,642 | ---- | C] () -- C:\Users\Nicole\P1010980.JPG
[2011/11/19 16:31:34 | 000,003,532 | ---- | C] () -- C:\Users\Nicole\P1010981.JPG
[2011/11/19 16:31:34 | 000,003,404 | ---- | C] () -- C:\Users\Nicole\P1010982.JPG
[2011/11/19 16:31:34 | 000,003,021 | ---- | C] () -- C:\Users\Nicole\P1010986.JPG
[2011/11/19 16:31:34 | 000,002,844 | ---- | C] () -- C:\Users\Nicole\P1010985.JPG
[2011/11/19 16:31:33 | 000,005,981 | ---- | C] () -- C:\Users\Nicole\P1010907.JPG
[2011/11/19 16:31:33 | 000,005,695 | ---- | C] () -- C:\Users\Nicole\P1010909.JPG
[2011/11/19 16:31:33 | 000,005,677 | ---- | C] () -- C:\Users\Nicole\P1010905.JPG
[2011/11/19 16:31:33 | 000,005,662 | ---- | C] () -- C:\Users\Nicole\P1010913.JPG
[2011/11/19 16:31:33 | 000,005,581 | ---- | C] () -- C:\Users\Nicole\P1010914.JPG
[2011/11/19 16:31:33 | 000,005,477 | ---- | C] () -- C:\Users\Nicole\P1010906.JPG
[2011/11/19 16:31:33 | 000,005,466 | ---- | C] () -- C:\Users\Nicole\P1010908.JPG
[2011/11/19 16:31:33 | 000,005,297 | ---- | C] () -- C:\Users\Nicole\P1010933.JPG
[2011/11/19 16:31:33 | 000,005,259 | ---- | C] () -- C:\Users\Nicole\P1010912.JPG
[2011/11/19 16:31:33 | 000,005,129 | ---- | C] () -- C:\Users\Nicole\P1010918.JPG
[2011/11/19 16:31:33 | 000,005,037 | ---- | C] () -- C:\Users\Nicole\P1010922.JPG
[2011/11/19 16:31:33 | 000,005,024 | ---- | C] () -- C:\Users\Nicole\P1010910.JPG
[2011/11/19 16:31:33 | 000,005,004 | ---- | C] () -- C:\Users\Nicole\P1010947.JPG
[2011/11/19 16:31:33 | 000,004,957 | ---- | C] () -- C:\Users\Nicole\P1010911.JPG
[2011/11/19 16:31:33 | 000,004,874 | ---- | C] () -- C:\Users\Nicole\P1010946.JPG
[2011/11/19 16:31:33 | 000,004,807 | ---- | C] () -- C:\Users\Nicole\P1010916.JPG
[2011/11/19 16:31:33 | 000,004,805 | ---- | C] () -- C:\Users\Nicole\P1010945.JPG
[2011/11/19 16:31:33 | 000,004,784 | ---- | C] () -- C:\Users\Nicole\P1010919.JPG
[2011/11/19 16:31:33 | 000,004,765 | ---- | C] () -- C:\Users\Nicole\P1010944.JPG
[2011/11/19 16:31:33 | 000,004,731 | ---- | C] () -- C:\Users\Nicole\P1010925.JPG
[2011/11/19 16:31:33 | 000,004,667 | ---- | C] () -- C:\Users\Nicole\P1010930.JPG
[2011/11/19 16:31:33 | 000,004,636 | ---- | C] () -- C:\Users\Nicole\P1010939.JPG
[2011/11/19 16:31:33 | 000,004,629 | ---- | C] () -- C:\Users\Nicole\P1010920.JPG
[2011/11/19 16:31:33 | 000,004,596 | ---- | C] () -- C:\Users\Nicole\P1010921.JPG
[2011/11/19 16:31:33 | 000,004,590 | ---- | C] () -- C:\Users\Nicole\P1010915.JPG
[2011/11/19 16:31:33 | 000,004,523 | ---- | C] () -- C:\Users\Nicole\P1010929.JPG
[2011/11/19 16:31:33 | 000,004,462 | ---- | C] () -- C:\Users\Nicole\P1010917.JPG
[2011/11/19 16:31:33 | 000,004,409 | ---- | C] () -- C:\Users\Nicole\P1010932.JPG
[2011/11/19 16:31:33 | 000,004,377 | ---- | C] () -- C:\Users\Nicole\P1010941.JPG
[2011/11/19 16:31:33 | 000,004,361 | ---- | C] () -- C:\Users\Nicole\P1010923.JPG
[2011/11/19 16:31:33 | 000,004,344 | ---- | C] () -- C:\Users\Nicole\P1010935.JPG
[2011/11/19 16:31:33 | 000,004,335 | ---- | C] () -- C:\Users\Nicole\P1010934.JPG
[2011/11/19 16:31:33 | 000,004,305 | ---- | C] () -- C:\Users\Nicole\P1010937.JPG
[2011/11/19 16:31:33 | 000,004,272 | ---- | C] () -- C:\Users\Nicole\P1010927.JPG
[2011/11/19 16:31:33 | 000,004,127 | ---- | C] () -- C:\Users\Nicole\P1010948.JPG
[2011/11/19 16:31:33 | 000,004,116 | ---- | C] () -- C:\Users\Nicole\P1010938.JPG
[2011/11/19 16:31:33 | 000,004,064 | ---- | C] () -- C:\Users\Nicole\P1010940.JPG
[2011/11/19 16:31:33 | 000,004,015 | ---- | C] () -- C:\Users\Nicole\P1010942.JPG
[2011/11/19 16:31:33 | 000,003,998 | ---- | C] () -- C:\Users\Nicole\P1010926.JPG
[2011/11/19 16:31:33 | 000,003,928 | ---- | C] () -- C:\Users\Nicole\P1010928.JPG
[2011/11/19 16:31:33 | 000,003,898 | ---- | C] () -- C:\Users\Nicole\P1010931.JPG
[2011/11/19 16:31:33 | 000,003,774 | ---- | C] () -- C:\Users\Nicole\P1010943.JPG
[2011/11/19 16:31:33 | 000,003,489 | ---- | C] () -- C:\Users\Nicole\P1010936.JPG
[2011/11/19 16:31:33 | 000,003,030 | ---- | C] () -- C:\Users\Nicole\P1010924.JPG
[2011/11/19 16:31:32 | 000,006,755 | ---- | C] () -- C:\Users\Nicole\P1010896.JPG
[2011/11/19 16:31:32 | 000,006,250 | ---- | C] () -- C:\Users\Nicole\P1010883.JPG
[2011/11/19 16:31:32 | 000,006,157 | ---- | C] () -- C:\Users\Nicole\P1010897.JPG
[2011/11/19 16:31:32 | 000,006,107 | ---- | C] () -- C:\Users\Nicole\P1010892.JPG
[2011/11/19 16:31:32 | 000,006,097 | ---- | C] () -- C:\Users\Nicole\P1010882.JPG
[2011/11/19 16:31:32 | 000,005,952 | ---- | C] () -- C:\Users\Nicole\P1010900.JPG
[2011/11/19 16:31:32 | 000,005,938 | ---- | C] () -- C:\Users\Nicole\P1010895.JPG
[2011/11/19 16:31:32 | 000,005,930 | ---- | C] () -- C:\Users\Nicole\P1010899.JPG
[2011/11/19 16:31:32 | 000,005,838 | ---- | C] () -- C:\Users\Nicole\P1010890.JPG
[2011/11/19 16:31:32 | 000,005,818 | ---- | C] () -- C:\Users\Nicole\P1010881.JPG
[2011/11/19 16:31:32 | 000,005,689 | ---- | C] () -- C:\Users\Nicole\P1010891.JPG
[2011/11/19 16:31:32 | 000,005,671 | ---- | C] () -- C:\Users\Nicole\P1010903.JPG
[2011/11/19 16:31:32 | 000,005,605 | ---- | C] () -- C:\Users\Nicole\P1010889.JPG
[2011/11/19 16:31:32 | 000,005,584 | ---- | C] () -- C:\Users\Nicole\P1010874.JPG
[2011/11/19 16:31:32 | 000,005,481 | ---- | C] () -- C:\Users\Nicole\P1010904.JPG
[2011/11/19 16:31:32 | 000,005,456 | ---- | C] () -- C:\Users\Nicole\P1010901.JPG
[2011/11/19 16:31:32 | 000,005,327 | ---- | C] () -- C:\Users\Nicole\P1010879.JPG
[2011/11/19 16:31:32 | 000,005,305 | ---- | C] () -- C:\Users\Nicole\P1010884.JPG
[2011/11/19 16:31:32 | 000,005,247 | ---- | C] () -- C:\Users\Nicole\P1010902.JPG
[2011/11/19 16:31:32 | 000,005,180 | ---- | C] () -- C:\Users\Nicole\P1010872.JPG
[2011/11/19 16:31:32 | 000,005,164 | ---- | C] () -- C:\Users\Nicole\P1010885.JPG
[2011/11/19 16:31:32 | 000,005,162 | ---- | C] () -- C:\Users\Nicole\P1010886.JPG
[2011/11/19 16:31:32 | 000,005,046 | ---- | C] () -- C:\Users\Nicole\P1010880.JPG
[2011/11/19 16:31:32 | 000,005,041 | ---- | C] () -- C:\Users\Nicole\P1010876.JPG
[2011/11/19 16:31:32 | 000,004,974 | ---- | C] () -- C:\Users\Nicole\P1010866.JPG
[2011/11/19 16:31:32 | 000,004,904 | ---- | C] () -- C:\Users\Nicole\P1010864.JPG
[2011/11/19 16:31:32 | 000,004,855 | ---- | C] () -- C:\Users\Nicole\P1010865.JPG
[2011/11/19 16:31:32 | 000,004,838 | ---- | C] () -- C:\Users\Nicole\P1010877.JPG
[2011/11/19 16:31:32 | 000,004,788 | ---- | C] () -- C:\Users\Nicole\P1010898.JPG
[2011/11/19 16:31:32 | 000,004,788 | ---- | C] () -- C:\Users\Nicole\P1010887.JPG
[2011/11/19 16:31:32 | 000,004,777 | ---- | C] () -- C:\Users\Nicole\P1010888.JPG
[2011/11/19 16:31:32 | 000,004,601 | ---- | C] () -- C:\Users\Nicole\P1010870.JPG
[2011/11/19 16:31:32 | 000,004,535 | ---- | C] () -- C:\Users\Nicole\P1010869.JPG
[2011/11/19 16:31:32 | 000,004,499 | ---- | C] () -- C:\Users\Nicole\P1010873.JPG
[2011/11/19 16:31:32 | 000,004,400 | ---- | C] () -- C:\Users\Nicole\P1010867.JPG
[2011/11/19 16:31:32 | 000,004,159 | ---- | C] () -- C:\Users\Nicole\P1010875.JPG
[2011/11/19 16:31:32 | 000,004,093 | ---- | C] () -- C:\Users\Nicole\P1010878.JPG
[2011/11/19 16:31:32 | 000,003,826 | ---- | C] () -- C:\Users\Nicole\P1010893.JPG
[2011/11/19 16:31:32 | 000,003,801 | ---- | C] () -- C:\Users\Nicole\P1010868.JPG
[2011/11/19 16:31:32 | 000,003,607 | ---- | C] () -- C:\Users\Nicole\P1010871.JPG
[2011/11/19 16:31:32 | 000,003,541 | ---- | C] () -- C:\Users\Nicole\P1010894.JPG
[2011/11/19 16:31:31 | 000,006,105 | ---- | C] () -- C:\Users\Nicole\P1010813.JPG
[2011/11/19 16:31:31 | 000,006,024 | ---- | C] () -- C:\Users\Nicole\P1010846.JPG
[2011/11/19 16:31:31 | 000,005,933 | ---- | C] () -- C:\Users\Nicole\P1010843.JPG
[2011/11/19 16:31:31 | 000,005,930 | ---- | C] () -- C:\Users\Nicole\P1010861.JPG
[2011/11/19 16:31:31 | 000,005,587 | ---- | C] () -- C:\Users\Nicole\P1010811.JPG
[2011/11/19 16:31:31 | 000,005,409 | ---- | C] () -- C:\Users\Nicole\P1010844.JPG
[2011/11/19 16:31:31 | 000,005,366 | ---- | C] () -- C:\Users\Nicole\P1010833.JPG
[2011/11/19 16:31:31 | 000,005,358 | ---- | C] () -- C:\Users\Nicole\P1010823.JPG
[2011/11/19 16:31:31 | 000,005,353 | ---- | C] () -- C:\Users\Nicole\P1010835.JPG
[2011/11/19 16:31:31 | 000,005,247 | ---- | C] () -- C:\Users\Nicole\P1010812.JPG
[2011/11/19 16:31:31 | 000,005,206 | ---- | C] () -- C:\Users\Nicole\P1010845.JPG
[2011/11/19 16:31:31 | 000,005,133 | ---- | C] () -- C:\Users\Nicole\P1010830.JPG
[2011/11/19 16:31:31 | 000,005,107 | ---- | C] () -- C:\Users\Nicole\P1010806.JPG
[2011/11/19 16:31:31 | 000,005,089 | ---- | C] () -- C:\Users\Nicole\P1010825.JPG
[2011/11/19 16:31:31 | 000,005,061 | ---- | C] () -- C:\Users\Nicole\P1010837.JPG
[2011/11/19 16:31:31 | 000,005,040 | ---- | C] () -- C:\Users\Nicole\P1010836.JPG
[2011/11/19 16:31:31 | 000,005,017 | ---- | C] () -- C:\Users\Nicole\P1010838.JPG
[2011/11/19 16:31:31 | 000,005,001 | ---- | C] () -- C:\Users\Nicole\P1010834.JPG
[2011/11/19 16:31:31 | 000,004,893 | ---- | C] () -- C:\Users\Nicole\P1010859.JPG
[2011/11/19 16:31:31 | 000,004,884 | ---- | C] () -- C:\Users\Nicole\P1010828.JPG
[2011/11/19 16:31:31 | 000,004,850 | ---- | C] () -- C:\Users\Nicole\P1010805.JPG
[2011/11/19 16:31:31 | 000,004,849 | ---- | C] () -- C:\Users\Nicole\P1010829.JPG
[2011/11/19 16:31:31 | 000,004,816 | ---- | C] () -- C:\Users\Nicole\P1010810.JPG
[2011/11/19 16:31:31 | 000,004,756 | ---- | C] () -- C:\Users\Nicole\P1010807.JPG
[2011/11/19 16:31:31 | 000,004,701 | ---- | C] () -- C:\Users\Nicole\P1010831.JPG
[2011/11/19 16:31:31 | 000,004,689 | ---- | C] () -- C:\Users\Nicole\P1010817.JPG
[2011/11/19 16:31:31 | 000,004,530 | ---- | C] () -- C:\Users\Nicole\P1010818.JPG
[2011/11/19 16:31:31 | 000,004,503 | ---- | C] () -- C:\Users\Nicole\P1010795.JPG
[2011/11/19 16:31:31 | 000,004,502 | ---- | C] () -- C:\Users\Nicole\P1010794.JPG
[2011/11/19 16:31:31 | 000,004,493 | ---- | C] () -- C:\Users\Nicole\P1010819.JPG
[2011/11/19 16:31:31 | 000,004,488 | ---- | C] () -- C:\Users\Nicole\P1010826.JPG
[2011/11/19 16:31:31 | 000,004,434 | ---- | C] () -- C:\Users\Nicole\P1010821.JPG
[2011/11/19 16:31:31 | 000,004,417 | ---- | C] () -- C:\Users\Nicole\P1010824.JPG
[2011/11/19 16:31:31 | 000,004,396 | ---- | C] () -- C:\Users\Nicole\P1010827.JPG
[2011/11/19 16:31:31 | 000,004,363 | ---- | C] () -- C:\Users\Nicole\P1010862.JPG
[2011/11/19 16:31:31 | 000,004,295 | ---- | C] () -- C:\Users\Nicole\P1010820.JPG
[2011/11/19 16:31:31 | 000,004,278 | ---- | C] () -- C:\Users\Nicole\P1010853.JPG
[2011/11/19 16:31:31 | 000,004,275 | ---- | C] () -- C:\Users\Nicole\P1010798.JPG
[2011/11/19 16:31:31 | 000,004,272 | ---- | C] () -- C:\Users\Nicole\P1010852.JPG
[2011/11/19 16:31:31 | 000,004,239 | ---- | C] () -- C:\Users\Nicole\P1010832.JPG
[2011/11/19 16:31:31 | 000,004,130 | ---- | C] () -- C:\Users\Nicole\P1010860.JPG
[2011/11/19 16:31:31 | 000,004,099 | ---- | C] () -- C:\Users\Nicole\P1010816.JPG
[2011/11/19 16:31:31 | 000,004,080 | ---- | C] () -- C:\Users\Nicole\P1010854.JPG
[2011/11/19 16:31:31 | 000,004,036 | ---- | C] () -- C:\Users\Nicole\P1010842.JPG
[2011/11/19 16:31:31 | 000,004,016 | ---- | C] () -- C:\Users\Nicole\P1010797.JPG
[2011/11/19 16:31:31 | 000,003,920 | ---- | C] () -- C:\Users\Nicole\P1010851.JPG
[2011/11/19 16:31:31 | 000,003,867 | ---- | C] () -- C:\Users\Nicole\P1010856.JPG
[2011/11/19 16:31:31 | 000,003,860 | ---- | C] () -- C:\Users\Nicole\P1010863.JPG
[2011/11/19 16:31:31 | 000,003,818 | ---- | C] () -- C:\Users\Nicole\P1010801.JPG
[2011/11/19 16:31:31 | 000,003,740 | ---- | C] () -- C:\Users\Nicole\P1010808.JPG
[2011/11/19 16:31:31 | 000,003,702 | ---- | C] () -- C:\Users\Nicole\P1010858.JPG
[2011/11/19 16:31:31 | 000,003,674 | ---- | C] () -- C:\Users\Nicole\P1010847.JPG
[2011/11/19 16:31:31 | 000,003,671 | ---- | C] () -- C:\Users\Nicole\P1010850.JPG
[2011/11/19 16:31:31 | 000,003,658 | ---- | C] () -- C:\Users\Nicole\P1010803.JPG
[2011/11/19 16:31:31 | 000,003,618 | ---- | C] () -- C:\Users\Nicole\P1010814.JPG
[2011/11/19 16:31:31 | 000,003,594 | ---- | C] () -- C:\Users\Nicole\P1010799.JPG
[2011/11/19 16:31:31 | 000,003,580 | ---- | C] () -- C:\Users\Nicole\P1010849.JPG
[2011/11/19 16:31:31 | 000,003,520 | ---- | C] () -- C:\Users\Nicole\P1010809.JPG
[2011/11/19 16:31:31 | 000,003,519 | ---- | C] () -- C:\Users\Nicole\P1010839.JPG
[2011/11/19 16:31:31 | 000,003,435 | ---- | C] () -- C:\Users\Nicole\P1010800.JPG
[2011/11/19 16:31:31 | 000,003,385 | ---- | C] () -- C:\Users\Nicole\P1010857.JPG
[2011/11/19 16:31:31 | 000,003,373 | ---- | C] () -- C:\Users\Nicole\P1010841.JPG
[2011/11/19 16:31:31 | 000,003,342 | ---- | C] () -- C:\Users\Nicole\P1010804.JPG
[2011/11/19 16:31:31 | 000,003,303 | ---- | C] () -- C:\Users\Nicole\P1010796.JPG
[2011/11/19 16:31:31 | 000,003,282 | ---- | C] () -- C:\Users\Nicole\P1010848.JPG
[2011/11/19 16:31:31 | 000,003,281 | ---- | C] () -- C:\Users\Nicole\P1010802.JPG
[2011/11/19 16:31:31 | 000,003,272 | ---- | C] () -- C:\Users\Nicole\P1010840.JPG
[2011/11/19 16:31:31 | 000,003,234 | ---- | C] () -- C:\Users\Nicole\P1010855.JPG
[2011/11/19 16:31:31 | 000,003,131 | ---- | C] () -- C:\Users\Nicole\P1010815.JPG
[2011/11/19 16:31:31 | 000,003,030 | ---- | C] () -- C:\Users\Nicole\P1010822.JPG
[2011/11/19 16:31:30 | 000,005,865 | ---- | C] () -- C:\Users\Nicole\P1010775.JPG
[2011/11/19 16:31:30 | 000,005,655 | ---- | C] () -- C:\Users\Nicole\P1010774.JPG
[2011/11/19 16:31:30 | 000,005,341 | ---- | C] () -- C:\Users\Nicole\P1010784.JPG
[2011/11/19 16:31:30 | 000,005,146 | ---- | C] () -- C:\Users\Nicole\P1010776.JPG
[2011/11/19 16:31:30 | 000,005,133 | ---- | C] () -- C:\Users\Nicole\P1010783.JPG
[2011/11/19 16:31:30 | 000,005,118 | ---- | C] () -- C:\Users\Nicole\P1010736.JPG
[2011/11/19 16:31:30 | 000,004,944 | ---- | C] () -- C:\Users\Nicole\P1010770.JPG
[2011/11/19 16:31:30 | 000,004,838 | ---- | C] () -- C:\Users\Nicole\P1010777.JPG
[2011/11/19 16:31:30 | 000,004,835 | ---- | C] () -- C:\Users\Nicole\P1010772.JPG
[2011/11/19 16:31:30 | 000,004,830 | ---- | C] () -- C:\Users\Nicole\P1010734.JPG
[2011/11/19 16:31:30 | 000,004,828 | ---- | C] () -- C:\Users\Nicole\P1010727.JPG
[2011/11/19 16:31:30 | 000,004,765 | ---- | C] () -- C:\Users\Nicole\P1010766.JPG
[2011/11/19 16:31:30 | 000,004,722 | ---- | C] () -- C:\Users\Nicole\P1010771.JPG
[2011/11/19 16:31:30 | 000,004,696 | ---- | C] () -- C:\Users\Nicole\P1010741.JPG
[2011/11/19 16:31:30 | 000,004,693 | ---- | C] () -- C:\Users\Nicole\P1010735.JPG
[2011/11/19 16:31:30 | 000,004,578 | ---- | C] () -- C:\Users\Nicole\P1010778.JPG
[2011/11/19 16:31:30 | 000,004,559 | ---- | C] () -- C:\Users\Nicole\P1010745.JPG
[2011/11/19 16:31:30 | 000,004,558 | ---- | C] () -- C:\Users\Nicole\P1010764.JPG
[2011/11/19 16:31:30 | 000,004,552 | ---- | C] () -- C:\Users\Nicole\P1010726.JPG
[2011/11/19 16:31:30 | 000,004,551 | ---- | C] () -- C:\Users\Nicole\P1010782.JPG
[2011/11/19 16:31:30 | 000,004,496 | ---- | C] () -- C:\Users\Nicole\P1010779.JPG
[2011/11/19 16:31:30 | 000,004,489 | ---- | C] () -- C:\Users\Nicole\P1010739.JPG
[2011/11/19 16:31:30 | 000,004,462 | ---- | C] () -- C:\Users\Nicole\P1010768.JPG
[2011/11/19 16:31:30 | 000,004,455 | ---- | C] () -- C:\Users\Nicole\P1010744.JPG
[2011/11/19 16:31:30 | 000,004,451 | ---- | C] () -- C:\Users\Nicole\P1010763.JPG
[2011/11/19 16:31:30 | 000,004,440 | ---- | C] () -- C:\Users\Nicole\P1010728.JPG
[2011/11/19 16:31:30 | 000,004,404 | ---- | C] () -- C:\Users\Nicole\P1010780.JPG
[2011/11/19 16:31:30 | 000,004,403 | ---- | C] () -- C:\Users\Nicole\P1010765.JPG
[2011/11/19 16:31:30 | 000,004,403 | ---- | C] () -- C:\Users\Nicole\P1010732.JPG
[2011/11/19 16:31:30 | 000,004,400 | ---- | C] () -- C:\Users\Nicole\P1010791.JPG
[2011/11/19 16:31:30 | 000,004,397 | ---- | C] () -- C:\Users\Nicole\P1010767.JPG
[2011/11/19 16:31:30 | 000,004,377 | ---- | C] () -- C:\Users\Nicole\P1010781.JPG
[2011/11/19 16:31:30 | 000,004,375 | ---- | C] () -- C:\Users\Nicole\P1010725.JPG
[2011/11/19 16:31:30 | 000,004,371 | ---- | C] () -- C:\Users\Nicole\P1010759.JPG
[2011/11/19 16:31:30 | 000,004,335 | ---- | C] () -- C:\Users\Nicole\P1010742.JPG
[2011/11/19 16:31:30 | 000,004,240 | ---- | C] () -- C:\Users\Nicole\P1010769.JPG
[2011/11/19 16:31:30 | 000,004,179 | ---- | C] () -- C:\Users\Nicole\P1010737.JPG
[2011/11/19 16:31:30 | 000,004,172 | ---- | C] () -- C:\Users\Nicole\P1010738.JPG
[2011/11/19 16:31:30 | 000,004,123 | ---- | C] () -- C:\Users\Nicole\P1010792.JPG
[2011/11/19 16:31:30 | 000,004,117 | ---- | C] () -- C:\Users\Nicole\P1010790.JPG
[2011/11/19 16:31:30 | 000,004,098 | ---- | C] () -- C:\Users\Nicole\P1010743.JPG
[2011/11/19 16:31:30 | 000,004,087 | ---- | C] () -- C:\Users\Nicole\P1010785.JPG
[2011/11/19 16:31:30 | 000,003,988 | ---- | C] () -- C:\Users\Nicole\P1010733.JPG
[2011/11/19 16:31:30 | 000,003,960 | ---- | C] () -- C:\Users\Nicole\P1010730.JPG
[2011/11/19 16:31:30 | 000,003,914 | ---- | C] () -- C:\Users\Nicole\P1010789.JPG
[2011/11/19 16:31:30 | 000,003,910 | ---- | C] () -- C:\Users\Nicole\P1010787.JPG
[2011/11/19 16:31:30 | 000,003,877 | ---- | C] () -- C:\Users\Nicole\P1010731.JPG
[2011/11/19 16:31:30 | 000,003,826 | ---- | C] () -- C:\Users\Nicole\P1010723.JPG
[2011/11/19 16:31:30 | 000,003,770 | ---- | C] () -- C:\Users\Nicole\P1010758.JPG
[2011/11/19 16:31:30 | 000,003,743 | ---- | C] () -- C:\Users\Nicole\P1010760.JPG
[2011/11/19 16:31:30 | 000,003,730 | ---- | C] () -- C:\Users\Nicole\P1010729.JPG
[2011/11/19 16:31:30 | 000,003,649 | ---- | C] () -- C:\Users\Nicole\P1010751.JPG
[2011/11/19 16:31:30 | 000,003,613 | ---- | C] () -- C:\Users\Nicole\P1010757.JPG
[2011/11/19 16:31:30 | 000,003,611 | ---- | C] () -- C:\Users\Nicole\P1010773.JPG
[2011/11/19 16:31:30 | 000,003,586 | ---- | C] () -- C:\Users\Nicole\P1010724.JPG
[2011/11/19 16:31:30 | 000,003,570 | ---- | C] () -- C:\Users\Nicole\P1010748.JPG
[2011/11/19 16:31:30 | 000,003,551 | ---- | C] () -- C:\Users\Nicole\P1010786.JPG
[2011/11/19 16:31:30 | 000,003,514 | ---- | C] () -- C:\Users\Nicole\P1010746.JPG
[2011/11/19 16:31:30 | 000,003,484 | ---- | C] () -- C:\Users\Nicole\P1010756.JPG
[2011/11/19 16:31:30 | 000,003,395 | ---- | C] () -- C:\Users\Nicole\P1010762.JPG
[2011/11/19 16:31:30 | 000,003,361 | ---- | C] () -- C:\Users\Nicole\P1010793.JPG
[2011/11/19 16:31:30 | 000,003,330 | ---- | C] () -- C:\Users\Nicole\P1010761.JPG
[2011/11/19 16:31:30 | 000,003,219 | ---- | C] () -- C:\Users\Nicole\P1010722.JPG
[2011/11/19 16:31:30 | 000,003,051 | ---- | C] () -- C:\Users\Nicole\P1010755.JPG
[2011/11/19 16:31:30 | 000,003,027 | ---- | C] () -- C:\Users\Nicole\P1010740.JPG
[2011/11/19 16:31:30 | 000,003,017 | ---- | C] () -- C:\Users\Nicole\P1010753.JPG
[2011/11/19 16:31:30 | 000,003,016 | ---- | C] () -- C:\Users\Nicole\P1010788.JPG
[2011/11/19 16:31:30 | 000,002,945 | ---- | C] () -- C:\Users\Nicole\P1010749.JPG
[2011/11/19 16:31:30 | 000,002,837 | ---- | C] () -- C:\Users\Nicole\P1010750.JPG
[2011/11/19 16:31:30 | 000,002,757 | ---- | C] () -- C:\Users\Nicole\P1010747.JPG
[2011/11/19 16:31:30 | 000,002,603 | ---- | C] () -- C:\Users\Nicole\P1010752.JPG
[2011/11/19 16:31:30 | 000,001,953 | ---- | C] () -- C:\Users\Nicole\P1010754.JPG
[2011/11/19 16:31:29 | 005,041,560 | ---- | C] () -- C:\Users\Nicole\P1010687.JPG
[2011/11/19 16:31:29 | 000,006,220 | ---- | C] () -- C:\Users\Nicole\P1010696.JPG
[2011/11/19 16:31:29 | 000,006,158 | ---- | C] () -- C:\Users\Nicole\P1010700.JPG
[2011/11/19 16:31:29 | 000,006,122 | ---- | C] () -- C:\Users\Nicole\P1010697.JPG
[2011/11/19 16:31:29 | 000,006,073 | ---- | C] () -- C:\Users\Nicole\P1010707.JPG
[2011/11/19 16:31:29 | 000,006,032 | ---- | C] () -- C:\Users\Nicole\P1010698.JPG
[2011/11/19 16:31:29 | 000,006,018 | ---- | C] () -- C:\Users\Nicole\P1010702.JPG
[2011/11/19 16:31:29 | 000,006,009 | ---- | C] () -- C:\Users\Nicole\P1010703.JPG
[2011/11/19 16:31:29 | 000,005,909 | ---- | C] () -- C:\Users\Nicole\P1010688.JPG
[2011/11/19 16:31:29 | 000,005,905 | ---- | C] () -- C:\Users\Nicole\P1010701.JPG
[2011/11/19 16:31:29 | 000,005,866 | ---- | C] () -- C:\Users\Nicole\P1010705.JPG
[2011/11/19 16:31:29 | 000,005,786 | ---- | C] () -- C:\Users\Nicole\P1010699.JPG
[2011/11/19 16:31:29 | 000,005,711 | ---- | C] () -- C:\Users\Nicole\P1010695.JPG
[2011/11/19 16:31:29 | 000,005,657 | ---- | C] () -- C:\Users\Nicole\P1010716.JPG
[2011/11/19 16:31:29 | 000,005,653 | ---- | C] () -- C:\Users\Nicole\P1010704.JPG
[2011/11/19 16:31:29 | 000,005,581 | ---- | C] () -- C:\Users\Nicole\P1010718.JPG
[2011/11/19 16:31:29 | 000,005,577 | ---- | C] () -- C:\Users\Nicole\P1010717.JPG
[2011/11/19 16:31:29 | 000,005,383 | ---- | C] () -- C:\Users\Nicole\P1010708.JPG
[2011/11/19 16:31:29 | 000,005,216 | ---- | C] () -- C:\Users\Nicole\P1010706.JPG
[2011/11/19 16:31:29 | 000,005,177 | ---- | C] () -- C:\Users\Nicole\P1010715.JPG
[2011/11/19 16:31:29 | 000,004,931 | ---- | C] () -- C:\Users\Nicole\P1010712.JPG
[2011/11/19 16:31:29 | 000,004,721 | ---- | C] () -- C:\Users\Nicole\P1010689.JPG
[2011/11/19 16:31:29 | 000,004,495 | ---- | C] () -- C:\Users\Nicole\P1010691.JPG
[2011/11/19 16:31:29 | 000,004,469 | ---- | C] () -- C:\Users\Nicole\P1010690.JPG
[2011/11/19 16:31:29 | 000,004,290 | ---- | C] () -- C:\Users\Nicole\P1010693.JPG
[2011/11/19 16:31:29 | 000,004,233 | ---- | C] () -- C:\Users\Nicole\P1010714.JPG
[2011/11/19 16:31:29 | 000,004,219 | ---- | C] () -- C:\Users\Nicole\P1010692.JPG
[2011/11/19 16:31:29 | 000,003,910 | ---- | C] () -- C:\Users\Nicole\P1010694.JPG
[2011/11/19 16:31:29 | 000,003,759 | ---- | C] () -- C:\Users\Nicole\P1010713.JPG
[2011/11/19 16:31:29 | 000,003,717 | ---- | C] () -- C:\Users\Nicole\P1010721.JPG
[2011/11/19 16:31:29 | 000,003,631 | ---- | C] () -- C:\Users\Nicole\P1010711.JPG
[2011/11/19 16:31:29 | 000,003,410 | ---- | C] () -- C:\Users\Nicole\P1010719.JPG
[2011/11/19 16:31:29 | 000,003,322 | ---- | C] () -- C:\Users\Nicole\P1010709.JPG
[2011/11/19 16:31:29 | 000,003,221 | ---- | C] () -- C:\Users\Nicole\P1010710.JPG
[2011/11/19 16:31:29 | 000,003,205 | ---- | C] () -- C:\Users\Nicole\P1010720.JPG
[2011/11/19 16:31:28 | 004,675,753 | ---- | C] () -- C:\Users\Nicole\P1010686.JPG
[2011/11/19 16:31:28 | 004,398,320 | ---- | C] () -- C:\Users\Nicole\P1010685.JPG
[2011/11/19 16:31:27 | 004,754,240 | ---- | C] () -- C:\Users\Nicole\P1010684.JPG
[2011/11/19 16:31:26 | 004,478,249 | ---- | C] () -- C:\Users\Nicole\P1010683.JPG
[2011/11/19 16:31:25 | 005,046,492 | ---- | C] () -- C:\Users\Nicole\P1010681.JPG
[2011/11/19 16:31:25 | 004,927,121 | ---- | C] () -- C:\Users\Nicole\P1010682.JPG
[2011/11/19 16:31:24 | 004,673,906 | ---- | C] () -- C:\Users\Nicole\P1010680.JPG
[2011/11/19 16:31:23 | 004,919,513 | ---- | C] () -- C:\Users\Nicole\P1010679.JPG
[2011/11/19 16:31:22 | 004,871,497 | ---- | C] () -- C:\Users\Nicole\P1010678.JPG
[2011/11/19 16:31:22 | 004,845,438 | ---- | C] () -- C:\Users\Nicole\P1010677.JPG
[2011/11/19 16:31:21 | 004,484,467 | ---- | C] () -- C:\Users\Nicole\P1010676.JPG
[2011/11/19 16:31:20 | 004,872,429 | ---- | C] () -- C:\Users\Nicole\P1010675.JPG
[2011/11/19 16:31:20 | 004,844,480 | ---- | C] () -- C:\Users\Nicole\P1010674.JPG
[2011/11/19 16:31:19 | 004,780,925 | ---- | C] () -- C:\Users\Nicole\P1010673.JPG
[2011/11/19 16:31:18 | 004,688,932 | ---- | C] () -- C:\Users\Nicole\P1010671.JPG
[2011/11/19 16:31:18 | 004,260,782 | ---- | C] () -- C:\Users\Nicole\P1010672.JPG
[2011/11/19 16:31:17 | 004,446,100 | ---- | C] () -- C:\Users\Nicole\P1010670.JPG
[2011/11/19 16:31:16 | 004,853,286 | ---- | C] () -- C:\Users\Nicole\P1010669.JPG
[2011/11/19 16:31:16 | 004,506,179 | ---- | C] () -- C:\Users\Nicole\P1010668.JPG
[2011/11/19 16:31:15 | 004,404,087 | ---- | C] () -- C:\Users\Nicole\P1010667.JPG
[2011/11/19 16:31:14 | 003,772,240 | ---- | C] () -- C:\Users\Nicole\P1010665.JPG
[2011/11/19 16:31:14 | 003,092,472 | ---- | C] () -- C:\Users\Nicole\P1010666.JPG
[2011/11/19 16:31:13 | 005,057,542 | ---- | C] () -- C:\Users\Nicole\P1010663.JPG
[2011/11/19 16:31:13 | 004,381,092 | ---- | C] () -- C:\Users\Nicole\P1010664.JPG
[2011/11/19 16:31:12 | 004,838,854 | ---- | C] () -- C:\Users\Nicole\P1010662.JPG
[2011/11/19 16:31:11 | 004,892,295 | ---- | C] () -- C:\Users\Nicole\P1010661.JPG
[2011/11/19 16:31:10 | 005,273,050 | ---- | C] () -- C:\Users\Nicole\P1010659.JPG
[2011/11/19 16:31:10 | 005,096,184 | ---- | C] () -- C:\Users\Nicole\P1010660.JPG
[2011/11/19 16:31:09 | 004,855,820 | ---- | C] () -- C:\Users\Nicole\P1010657.JPG
[2011/11/19 16:31:09 | 004,682,339 | ---- | C] () -- C:\Users\Nicole\P1010658.JPG
[2011/11/19 16:31:08 | 004,895,573 | ---- | C] () -- C:\Users\Nicole\P1010656.JPG
[2011/11/19 16:31:07 | 004,945,807 | ---- | C] () -- C:\Users\Nicole\P1010655.JPG
[2011/11/19 16:31:06 | 004,918,443 | ---- | C] () -- C:\Users\Nicole\P1010654.JPG
[2011/11/19 16:31:06 | 004,690,969 | ---- | C] () -- C:\Users\Nicole\P1010653.JPG
[2011/11/19 16:31:05 | 004,591,994 | ---- | C] () -- C:\Users\Nicole\P1010652.JPG
[2011/11/19 16:31:04 | 004,835,787 | ---- | C] () -- C:\Users\Nicole\P1010651.JPG
[2011/11/19 16:31:04 | 004,419,261 | ---- | C] () -- C:\Users\Nicole\P1010650.JPG
[2011/11/19 16:31:03 | 004,733,049 | ---- | C] () -- C:\Users\Nicole\P1010649.JPG
[2011/11/19 16:31:02 | 005,288,032 | ---- | C] () -- C:\Users\Nicole\P1010648.JPG
[2011/11/19 16:31:02 | 005,031,135 | ---- | C] () -- C:\Users\Nicole\P1010647.JPG
[2011/11/19 16:31:01 | 003,658,157 | ---- | C] () -- C:\Users\Nicole\P1010646.JPG
[2011/11/19 16:31:00 | 004,130,869 | ---- | C] () -- C:\Users\Nicole\P1010645.JPG
[2011/11/19 16:31:00 | 003,477,303 | ---- | C] () -- C:\Users\Nicole\P1010644.JPG
[2011/11/19 16:30:59 | 004,311,757 | ---- | C] () -- C:\Users\Nicole\P1010643.JPG
[2011/11/19 16:30:58 | 004,645,226 | ---- | C] () -- C:\Users\Nicole\P1010641.JPG
[2011/11/19 16:30:58 | 003,735,889 | ---- | C] () -- C:\Users\Nicole\P1010642.JPG
[2011/11/19 16:30:57 | 004,464,254 | ---- | C] () -- C:\Users\Nicole\P1010639.JPG
[2011/11/19 16:30:57 | 004,446,964 | ---- | C] () -- C:\Users\Nicole\P1010640.JPG
[2011/11/19 16:30:56 | 004,406,701 | ---- | C] () -- C:\Users\Nicole\P1010638.JPG
[2011/11/19 16:30:55 | 004,475,894 | ---- | C] () -- C:\Users\Nicole\P1010636.JPG
[2011/11/19 16:30:55 | 004,397,074 | ---- | C] () -- C:\Users\Nicole\P1010637.JPG
[2011/11/19 16:30:54 | 003,914,174 | ---- | C] () -- C:\Users\Nicole\P1010635.JPG
[2011/11/19 16:30:53 | 004,849,106 | ---- | C] () -- C:\Users\Nicole\P1010633.JPG
[2011/11/19 16:30:53 | 004,451,616 | ---- | C] () -- C:\Users\Nicole\P1010634.JPG
[2011/11/19 16:30:52 | 004,275,147 | ---- | C] () -- C:\Users\Nicole\P1010632.JPG
[2011/11/19 16:30:51 | 004,302,484 | ---- | C] () -- C:\Users\Nicole\P1010631.JPG
[2011/11/19 16:30:51 | 004,301,215 | ---- | C] () -- C:\Users\Nicole\P1010630.JPG
[2011/11/19 16:30:50 | 004,702,516 | ---- | C] () -- C:\Users\Nicole\P1010629.JPG
[2011/11/19 16:30:49 | 005,150,644 | ---- | C] () -- C:\Users\Nicole\P1010628.JPG
[2011/11/19 16:30:48 | 004,774,944 | ---- | C] () -- C:\Users\Nicole\P1010627.JPG
[2011/11/19 16:30:48 | 004,520,301 | ---- | C] () -- C:\Users\Nicole\P1010626.JPG
[2011/11/19 16:30:47 | 004,392,444 | ---- | C] () -- C:\Users\Nicole\P1010625.JPG
[2011/11/19 16:30:46 | 004,502,882 | ---- | C] () -- C:\Users\Nicole\P1010623.JPG
[2011/11/19 16:30:46 | 004,186,384 | ---- | C] () -- C:\Users\Nicole\P1010624.JPG
[2011/11/19 16:30:45 | 004,495,400 | ---- | C] () -- C:\Users\Nicole\P1010622.JPG
[2011/11/19 16:30:44 | 004,747,191 | ---- | C] () -- C:\Users\Nicole\P1010620.JPG
[2011/11/19 16:30:44 | 004,734,142 | ---- | C] () -- C:\Users\Nicole\P1010621.JPG
[2011/11/19 16:30:43 | 004,682,807 | ---- | C] () -- C:\Users\Nicole\P1010618.JPG
[2011/11/19 16:30:43 | 004,607,416 | ---- | C] () -- C:\Users\Nicole\P1010619.JPG
[2011/11/19 16:30:42 | 004,940,614 | ---- | C] () -- C:\Users\Nicole\P1010617.JPG
[2011/11/19 16:30:41 | 004,909,961 | ---- | C] () -- C:\Users\Nicole\P1010616.JPG
[2011/11/19 16:30:41 | 004,758,283 | ---- | C] () -- C:\Users\Nicole\P1010615.JPG
[2011/11/19 16:30:40 | 004,166,526 | ---- | C] () -- C:\Users\Nicole\P1010614.JPG
[2011/11/19 16:30:39 | 004,758,232 | ---- | C] () -- C:\Users\Nicole\P1010612.JPG
[2011/11/19 16:30:39 | 004,369,310 | ---- | C] () -- C:\Users\Nicole\P1010613.JPG
[2011/11/19 16:30:38 | 004,163,365 | ---- | C] () -- C:\Users\Nicole\P1010611.JPG
[2011/11/19 16:30:37 | 004,980,182 | ---- | C] () -- C:\Users\Nicole\P1010609.JPG
[2011/11/19 16:30:37 | 004,449,843 | ---- | C] () -- C:\Users\Nicole\P1010610.JPG
[2011/11/19 16:30:36 | 004,388,915 | ---- | C] () -- C:\Users\Nicole\P1010608.JPG
[2011/11/19 16:30:36 | 004,273,359 | ---- | C] () -- C:\Users\Nicole\P1010607.JPG
[2011/11/19 16:30:35 | 004,520,270 | ---- | C] () -- C:\Users\Nicole\P1010606.JPG
[2011/11/19 16:30:34 | 004,492,142 | ---- | C] () -- C:\Users\Nicole\P1010605.JPG
[2011/11/19 16:30:34 | 004,433,551 | ---- | C] () -- C:\Users\Nicole\P1010604.JPG
[2011/11/19 16:30:33 | 004,236,015 | ---- | C] () -- C:\Users\Nicole\P1010603.JPG
[2011/11/19 16:30:32 | 004,483,858 | ---- | C] () -- C:\Users\Nicole\P1010601.JPG
[2011/11/19 16:30:32 | 004,253,956 | ---- | C] () -- C:\Users\Nicole\P1010602.JPG
[2011/11/19 16:30:31 | 004,480,308 | ---- | C] () -- C:\Users\Nicole\P1010600.JPG
[2011/11/19 16:30:30 | 004,460,701 | ---- | C] () -- C:\Users\Nicole\P1010599.JPG
[2011/11/19 16:30:30 | 004,457,266 | ---- | C] () -- C:\Users\Nicole\P1010598.JPG
[2011/11/19 16:30:29 | 004,503,551 | ---- | C] () -- C:\Users\Nicole\P1010597.JPG
[2011/11/19 16:30:28 | 004,437,858 | ---- | C] () -- C:\Users\Nicole\P1010596.JPG
[2011/11/19 16:30:28 | 004,392,099 | ---- | C] () -- C:\Users\Nicole\P1010595.JPG
[2011/11/19 16:30:27 | 004,469,382 | ---- | C] () -- C:\Users\Nicole\P1010594.JPG
[2011/11/19 16:30:26 | 004,731,636 | ---- | C] () -- C:\Users\Nicole\P1010592.JPG
[2011/11/19 16:30:26 | 004,560,527 | ---- | C] () -- C:\Users\Nicole\P1010593.JPG
[2011/11/19 16:30:25 | 004,649,108 | ---- | C] () -- C:\Users\Nicole\P1010591.JPG
[2011/11/19 16:30:24 | 004,747,209 | ---- | C] () -- C:\Users\Nicole\P1010590.JPG
[2011/11/19 16:30:24 | 004,580,771 | ---- | C] () -- C:\Users\Nicole\P1010589.JPG
[2011/11/19 16:30:23 | 004,642,782 | ---- | C] () -- C:\Users\Nicole\P1010588.JPG
[2011/11/19 16:30:22 | 004,602,005 | ---- | C] () -- C:\Users\Nicole\P1010587.JPG
[2011/11/19 16:30:22 | 004,398,506 | ---- | C] () -- C:\Users\Nicole\P1010586.JPG
[2011/11/19 16:30:21 | 004,721,822 | ---- | C] () -- C:\Users\Nicole\P1010585.JPG
[2011/11/19 16:30:20 | 004,663,321 | ---- | C] () -- C:\Users\Nicole\P1010584.JPG
[2011/11/19 16:30:20 | 004,178,828 | ---- | C] () -- C:\Users\Nicole\P1010583.JPG
[2011/11/19 16:30:19 | 004,510,588 | ---- | C] () -- C:\Users\Nicole\P1010582.JPG
[2011/11/19 16:30:19 | 004,399,145 | ---- | C] () -- C:\Users\Nicole\P1010581.JPG
[2011/11/19 16:30:18 | 004,646,131 | ---- | C] () -- C:\Users\Nicole\P1010580.JPG
[2011/11/19 16:30:17 | 004,713,631 | ---- | C] () -- C:\Users\Nicole\P1010579.JPG
[2011/11/19 16:30:17 | 004,593,978 | ---- | C] () -- C:\Users\Nicole\P1010578.JPG
[2011/11/19 16:30:16 | 004,607,214 | ---- | C] () -- C:\Users\Nicole\P1010577.JPG
[2011/11/19 16:30:15 | 004,592,109 | ---- | C] () -- C:\Users\Nicole\P1010575.JPG
[2011/11/19 16:30:15 | 004,236,101 | ---- | C] () -- C:\Users\Nicole\P1010576.JPG
[2011/11/19 16:30:14 | 004,776,601 | ---- | C] () -- C:\Users\Nicole\P1010570.JPG
[2011/11/19 16:30:14 | 004,589,177 | ---- | C] () -- C:\Users\Nicole\P1010573.JPG
[2011/11/19 16:30:14 | 004,499,172 | ---- | C] () -- C:\Users\Nicole\P1010574.JPG
[2011/11/19 16:30:14 | 004,405,122 | ---- | C] () -- C:\Users\Nicole\P1010572.JPG
[2011/11/19 16:30:14 | 004,393,823 | ---- | C] () -- C:\Users\Nicole\P1010571.JPG
[2011/11/19 16:30:13 | 004,670,043 | ---- | C] () -- C:\Users\Nicole\P1010564.JPG
[2011/11/19 16:30:13 | 004,536,811 | ---- | C] () -- C:\Users\Nicole\P1010563.JPG
[2011/11/19 16:30:13 | 004,532,147 | ---- | C] () -- C:\Users\Nicole\P1010568.JPG
[2011/11/19 16:30:13 | 004,526,667 | ---- | C] () -- C:\Users\Nicole\P1010569.JPG
[2011/11/19 16:30:13 | 004,512,997 | ---- | C] () -- C:\Users\Nicole\P1010567.JPG
[2011/11/19 16:30:13 | 004,427,124 | ---- | C] () -- C:\Users\Nicole\P1010561.JPG
[2011/11/19 16:30:13 | 004,402,685 | ---- | C] () -- C:\Users\Nicole\P1010566.JPG
[2011/11/19 16:30:13 | 004,349,909 | ---- | C] () -- C:\Users\Nicole\P1010562.JPG
[2011/11/19 16:30:13 | 004,282,582 | ---- | C] () -- C:\Users\Nicole\P1010565.JPG
[2011/11/19 16:30:12 | 004,851,337 | ---- | C] () -- C:\Users\Nicole\P1010554.JPG
[2011/11/19 16:30:12 | 004,744,322 | ---- | C] () -- C:\Users\Nicole\P1010552.JPG
[2011/11/19 16:30:12 | 004,697,464 | ---- | C] () -- C:\Users\Nicole\P1010560.JPG
[2011/11/19 16:30:12 | 004,643,230 | ---- | C] () -- C:\Users\Nicole\P1010555.JPG
[2011/11/19 16:30:12 | 004,635,222 | ---- | C] () -- C:\Users\Nicole\P1010553.JPG
[2011/11/19 16:30:12 | 004,631,556 | ---- | C] () -- C:\Users\Nicole\P1010557.JPG
[2011/11/19 16:30:12 | 004,573,570 | ---- | C] () -- C:\Users\Nicole\P1010559.JPG
[2011/11/19 16:30:12 | 004,115,586 | ---- | C] () -- C:\Users\Nicole\P1010558.JPG
[2011/11/19 16:30:12 | 004,047,831 | ---- | C] () -- C:\Users\Nicole\P1010556.JPG
[2011/11/19 16:30:11 | 004,693,346 | ---- | C] () -- C:\Users\Nicole\P1010547.JPG
[2011/11/19 16:30:11 | 004,647,585 | ---- | C] () -- C:\Users\Nicole\P1010551.JPG
[2011/11/19 16:30:11 | 004,603,962 | ---- | C] () -- C:\Users\Nicole\P1010549.JPG
[2011/11/19 16:30:11 | 004,503,246 | ---- | C] () -- C:\Users\Nicole\P1010548.JPG
[2011/11/19 16:30:11 | 004,228,010 | ---- | C] () -- C:\Users\Nicole\P1010550.JPG
[2011/11/19 16:30:10 | 004,069,886 | ---- | C] () -- C:\Users\Nicole\P1010497.JPG
[2011/11/19 16:30:10 | 002,883,504 | ---- | C] () -- C:\Users\Nicole\P1010546.JPG
[2011/11/05 15:54:53 | 000,049,244 | ---- | C] () -- C:\Windows\System32\LXEFPMON.DLL
[2011/11/05 15:54:53 | 000,036,960 | ---- | C] () -- C:\Windows\System32\LXEFFXPU.DLL
[2011/11/05 15:54:33 | 004,669,440 | ---- | C] () -- C:\Windows\System32\LXEFoem.dll
[2011/11/05 15:51:14 | 000,025,088 | ---- | C] () -- C:\Windows\System32\LXEFsmr.dll
[2011/11/05 15:51:13 | 000,630,784 | ---- | C] () -- C:\Windows\System32\LXEFsm.dll
[2011/07/11 12:16:15 | 001,341,906 | ---- | C] () -- C:\Users\Nicole\Rock Climbing.jpg
[2011/05/18 18:26:53 | 000,001,940 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/01 10:51:40 | 000,000,867 | ---- | C] () -- C:\Users\Nicole\.recently-used.xbel
[2011/03/30 16:39:13 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/03/05 10:54:14 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\Wireless
[2011/02/11 17:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011/01/26 11:24:09 | 000,000,111 | ---- | C] () -- C:\Users\Nicole\webct_upload_applet.properties
[2010/10/01 13:21:03 | 000,206,374 | ---- | C] () -- C:\Users\Nicole\AppData\Local\debuggee.mdmp
[2010/09/03 16:40:08 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/09/03 16:40:08 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/09/03 16:40:08 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/09/03 16:40:08 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/09/03 16:40:08 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/09/03 16:40:08 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/09/03 16:40:08 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/09/03 16:40:08 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/09/03 16:40:08 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/09/03 16:40:08 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/09/03 16:40:08 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/09/03 16:40:08 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/09/03 16:40:08 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/09/03 16:40:08 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/09/03 16:40:08 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/09/03 16:40:08 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/09/03 16:40:08 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/09/03 16:40:08 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/09/03 16:40:08 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/07/20 15:09:14 | 000,000,680 | ---- | C] () -- C:\Users\Nicole\AppData\Local\d3d9caps.dat
[2010/06/16 11:09:59 | 000,027,136 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 06:45:03 | 000,031,007 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\UserTile.png

========== LOP Check ==========

[2012/08/14 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\.minecraft
[2008/08/28 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\acccore
[2012/05/02 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\authorSTREAM
[2012/05/01 10:48:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Bigasoft Total Video Converter
[2009/05/30 19:54:47 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Canon
[2011/09/04 08:24:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Catalina Marketing Corp
[2010/02/11 14:50:34 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Clip Art Collection
[2009/09/23 08:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/08 20:34:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DAEMON Tools Lite
[2012/08/25 09:46:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DriverCure
[2012/05/01 12:41:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2012/05/01 12:37:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/06/13 18:07:47 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Facebook
[2010/03/23 21:34:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\FileZilla
[2009/07/06 12:00:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\GetRightToGo
[2011/05/01 10:51:40 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gtk-2.0
[2008/08/31 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Individual Software
[2009/02/27 07:06:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\InterVideo
[2011/03/29 09:01:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\KeePass
[2010/02/11 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Notepad++
[2011/03/22 20:45:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\OfficeRecovery
[2011/03/22 20:46:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\OfficeRecovery.e6af13ee
[2010/10/30 15:12:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Opera
[2010/06/16 11:04:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Panasonic
[2008/08/30 06:45:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PeerNetworking
[2012/08/26 15:00:05 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Qwiklinx
[2012/08/25 09:45:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SpeedyPC Software
[2012/02/12 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TaxCut
[2010/06/03 17:03:28 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Thunderbird
[2011/03/14 07:57:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Uniblue
[2012/05/02 11:30:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\VistaCodecs
[2012/08/26 14:47:16 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\WhiteSmoke
[2010/10/27 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Windows Live Writer
[2012/08/25 14:17:52 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/26 14:47:22 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 400 bytes -> C:\Users\Nicole\AppData\Local\desktop.ini:07a19238af92db80fe9045ca73c7a84e
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm

Re: Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 27th, 2012, 7:21 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 19:14 on 27/08/2012 by Nicole
Administrator - Elevation successful

========== filefind ==========

Searching for "*whitesmoke*"
C:\Program Files\WhiteSmoke\Uninstall_WhiteSmoke.exe --a---- 50726 bytes [17:26 05/05/2012] [17:41 05/05/2012] BD560A12F13BC3E69848629CC822FCA7
C:\Program Files\WhiteSmoke\WhiteSmokeRegistration.exe --a---- 2048000 bytes [12:11 05/04/2011] [12:11 05/04/2011] 5D5BE44890B9F4726E7974D4EA537A38
C:\Program Files\WhiteSmoke\html\english\userGuide\images\ConfiguringWhiteSmoke.png --a---- 42908 bytes [07:52 26/12/2011] [07:52 26/12/2011] 9EAD1534DD95A75FB77596D6CFCD08B9
C:\Program Files\WhiteSmoke\html\english\userGuide\images\WhiteSmokeEmailCheck.png --a---- 69220 bytes [07:52 26/12/2011] [07:52 26/12/2011] 2B49C12EF9C0E9EFA8B7AFC4FCC50F16
C:\Program Files\WhiteSmoke\html\english\userGuide\images\WhiteSmokeOverview.png --a---- 63327 bytes [07:52 26/12/2011] [07:52 26/12/2011] E7106FB6F692C8CE06BA4A7B00DEE2BF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\Launch WhiteSmoke.lnk --a---- 1710 bytes [17:11 26/10/2011] [17:42 05/05/2012] 76E6A4B580C7CB75B44E711FD79845FD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\WhiteSmoke registration.lnk --a---- 1772 bytes [17:11 26/10/2011] [17:11 26/10/2011] C98F1EDB7308F108E2AA5DA1805F0B60
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\Launch WhiteSmoke.lnk --a---- 1710 bytes [17:11 26/10/2011] [17:42 05/05/2012] 76E6A4B580C7CB75B44E711FD79845FD
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke\WhiteSmoke registration.lnk --a---- 1772 bytes [17:11 26/10/2011] [17:11 26/10/2011] C98F1EDB7308F108E2AA5DA1805F0B60
C:\Users\Nicole\AppData\LocalLow\WhiteSmoke\html\english\userGuide\images\ConfiguringWhiteSmoke.png --a---- 42908 bytes [22:48 10/05/2012] [07:52 26/12/2011] 9EAD1534DD95A75FB77596D6CFCD08B9
C:\Users\Nicole\AppData\LocalLow\WhiteSmoke\html\english\userGuide\images\WhiteSmokeEmailCheck.png --a---- 69220 bytes [22:48 10/05/2012] [07:52 26/12/2011] 2B49C12EF9C0E9EFA8B7AFC4FCC50F16
C:\Users\Nicole\AppData\LocalLow\WhiteSmoke\html\english\userGuide\images\WhiteSmokeOverview.png --a---- 63327 bytes [22:48 10/05/2012] [07:52 26/12/2011] E7106FB6F692C8CE06BA4A7B00DEE2BF
C:\Users\Nicole\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch WhiteSmoke.lnk --a---- 1752 bytes [17:11 26/10/2011] [17:42 05/05/2012] C2364A05226618744D6EA12571BA9F3D
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmoke.lnk --a---- 1728 bytes [17:11 26/10/2011] [17:42 05/05/2012] 2F2237D6560435EA68A81E753B15976B
C:\Users\Nicole\Downloads\WhiteSmoke_Enrichment_Full (1).exe --a---- 7947728 bytes [17:38 05/05/2012] [17:39 05/05/2012] 1EE1EFEC5A98854925A04682CE1B4025
C:\Users\Nicole\Downloads\WhiteSmoke_Enrichment_Full (2).exe --a---- 7947728 bytes [17:40 05/05/2012] [17:40 05/05/2012] 1EE1EFEC5A98854925A04682CE1B4025
C:\Users\Nicole\Downloads\WhiteSmoke_Enrichment_Full.exe --a---- 7947728 bytes [17:25 05/05/2012] [17:25 05/05/2012] 1EE1EFEC5A98854925A04682CE1B4025
C:\Users\Public\Desktop\WhiteSmoke.lnk --a---- 1692 bytes [17:26 05/05/2012] [17:42 05/05/2012] D87A0E4465DD908AC832A5D12A27B249

Searching for "*Qwiklinx*"
No files found.

========== folderfind ==========

Searching for "*whitesmoke*"
C:\Program Files\WhiteSmoke d------ [17:11 26/10/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [17:11 26/10/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [17:11 26/10/2011]
C:\Users\Nicole\AppData\LocalLow\WhiteSmoke d------ [22:48 10/05/2012]
C:\Users\Nicole\AppData\Roaming\WhiteSmoke d------ [17:13 26/10/2011]

Searching for "*Qwiklinx*"
C:\Users\Nicole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Qwiklinx d------ [09:22 19/08/2012]
C:\Users\Nicole\AppData\Roaming\Qwiklinx d------ [22:40 18/08/2012]

========== Regfind ==========

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WhiteSmoke"="C:\Program Files\WhiteSmoke\Uninstall_WhiteSmoke.exe"
[HKEY_CURRENT_USER\Software\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\InprocServer32]
@="C:\Program Files\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\InprocServer32]
@="C:\Program Files\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\InprocServer32]
@="C:\Program Files\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\InprocServer32]
@="C:\Program Files\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32]
@="C:\Program Files\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\InprocServer32]
@="C:\Program Files\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32]
@="C:\Program Files\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\InProcServer32]
@="C:\Program Files\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"DisplayName"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"UninstallString"="C:\Program Files\WhiteSmoke\Uninstall_WhiteSmoke.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"DisplayIcon"="C:\Program Files\WhiteSmoke\Uninstall_WhiteSmoke.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"URLInfoAbout"="http://www.WhiteSmoke.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke]
"Publisher"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke]
"Dir"="C:\Program Files\WhiteSmoke\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke]
"ProductName"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke]
"WebsiteUrl"="www.WhiteSmoke.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"PostURL"="http://grammar.whitesmoke.com/client_v2/post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"WebTemplateWelcome"="http://grammar.whitesmoke.com/client_v2/templates/template_welcome.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"Support"="http://grammar.whitesmoke.com/client_V2/index.html?state=2&amp;d=11&amp;a=8&amp;r=0&amp;utm_source=WhiteSmokeSoftware&amp;utm_medium=Client&amp;utm_content=SupportButton&amp;utm_campaign=SupportButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"UpgradeProfile"="https://buy.whitesmoke.com/?d=11&amp;a=8&amp;r=0&amp;utm_source=WhiteSmokeSoftware&amp;utm_medium=Client&amp;utm_content=BuyButton&amp;utm_campaign=BuyButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"DictURL"="http://grammar.whitesmoke.com/client_v2/lib/action.post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"DictLanding"="http://grammar.whitesmoke.com/client_v2/dict/promotion.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"DictExpired"="http://grammar.whitesmoke.com/client_v2/dict/expired.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"WebClient"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen1.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"Demo"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"Purchase"="http://www.whitesmoke.com/buy.php?id_client=7"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"RegistrationForm"="http://whitesmoke.com/registersoft/"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"UseIt"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&amp;d=11&amp;a=8&amp;r=0&amp;utm_source=WhiteSmokeSoftware&amp;utm_medium=Client&amp;utm_content=GuideButton&amp;utm_campaign=GuideButton&amp;first_time=yes&amp;"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"UserGuide"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&amp;d=11&amp;a=8&amp;r=0&amp;utm_source=WhiteSmokeSoftware&amp;utm_medium=Client&amp;utm_content=GuideButton&amp;utm_campaign=GuideButton&amp;"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"WelcomeURL"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke\SoftwareUrls]
"FAQ"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=3&amp;d=11&amp;a=8&amp;r=0&amp;utm_source=WhiteSmokeSoftware&amp;utm_medium=Client&amp;utm_content=FaqButton&amp;utm_campaign=FaqButton"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WhiteSmoke"="C:\Program Files\WhiteSmoke\Uninstall_WhiteSmoke.exe"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\WhiteSmoke]

Searching for "Qwiklinx"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\Qwiklinx]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Qwiklinx\unins000.exe"="Setup/Uninstall"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Nicole\AppData\Roaming\Qwiklinx\ProcessDetector.exe"="IEDetector"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Nicole\AppData\Roaming\Qwiklinx\UnInstallPlugin.exe"="UnInstallPlugin"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\Qwiklinx]
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Qwiklinx\unins000.exe"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Nicole\AppData\Roaming\Qwiklinx\ProcessDetector.exe"="IEDetector"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Nicole\AppData\Roaming\Qwiklinx\UnInstallPlugin.exe"="UnInstallPlugin"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\Qwiklinx\unins000.exe"="Setup/Uninstall"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Nicole\AppData\Roaming\Qwiklinx\ProcessDetector.exe"="IEDetector"
[HKEY_USERS\S-1-5-21-3404251217-2559953846-1342176442-1004_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Nicole\AppData\Roaming\Qwiklinx\UnInstallPlugin.exe"="UnInstallPlugin"

-= EOF =-
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm

Re: Hope to get help with an ib.adnxs virus

Unread postby Cypher » August 28th, 2012, 5:30 am

Hi Nicole,
Also want to point out that when i downloaded OTL, Norton popped up with a warning stating that I am one of very few people ever to download OTL. I obviously downloaded it anyway.
That happens now and then, i did mention this in my first post.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next.

Please download MGA Diagnostic Tool and save it to your Desktop.

  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Logs/Information to Post in your Next Reply

  • CKFiles.txt.
  • MGADiag log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 28th, 2012, 1:37 pm

Unfortunately the CKScanner would not work...just kept freezing up. I tried a million times.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-WWR7C-QF2M7-2TB37
Windows Product Key Hash: YqRmTj4qWYwTYqB/WJzBj8/adyc=
Windows Product ID: 89578-OEM-7332157-00056
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {41F7C0C0-6297-40FF-BC3D-180B06361B10}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.120402-0336
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Ultimate 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_672A8F41-307-80004005_672A8F41-349-80004005_672A8F41-244-80004005_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Nicole\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{41F7C0C0-6297-40FF-BC3D-180B06361B10}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2TB37</PKey><PID>89578-OEM-7332157-00056</PID><PIDType>2</PIDType><SID>S-1-5-21-3404251217-2559953846-1342176442</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>2222222</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>52KT37AUS</Version><SMBIOSVersion major="2" minor="5"/><Date>20080425000000.000000+000</Date></BIOS><HWID>80303507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-03 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002E-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Ultimate 2007</Name><Ver>12</Ver><Val>BECF7E15E5CDF0E</Val><Hash>/0fzZQqhHm6Jj+hZohD4uRtgid8=</Hash><Pid>81608-903-2216091-65530</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500056-02-1033-6001.0000-2412008
Installation ID: 012165774544555236390835200863588990639620293050433251
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 2TB37
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAIAAQABAAAAAgABAAEA6GGg7eawdFYWbqp2SOTe9IaTznDy9PZgoqmsViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO OEMAPIC
FACP LENOVO OEMFACP
HPET LENOVO OEMHPET
MCFG LENOVO OEMMCFG
SLIC LENOVO TC-03
OEMB LENOVO AMI_OEM
ASF! LEGEND I865PASF
GSCI LENOVO GMCHSCI
SSDT DpgPmm CpuPm
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm

Re: Hope to get help with an ib.adnxs virus

Unread postby Cypher » August 28th, 2012, 1:53 pm

Hi Nicole,
Unfortunately the CKScanner would not work...just kept freezing up. I tried a million times.

First be sure that CKScanner is saved to your Desktop this is important, and run it from there.
It may look like it has froze, but give it time to complete the scan.
After a very short time, when the cursor hourglass disappears, click Save List To File.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Hope to get help with an ib.adnxs virus

Unread postby nicole67 » August 28th, 2012, 3:44 pm

Sorry, as soon as I click RUN it gives me the box,but I can't figure out how to save it to the desktop.
nicole67
Active Member
 
Posts: 9
Joined: August 25th, 2012, 2:57 pm

Re: Hope to get help with an ib.adnxs virus

Unread postby Cypher » August 29th, 2012, 5:41 am

Hi Nicole,
Sorry, as soon as I click RUN it gives me the box,but I can't figure out how to save it to the desktop.

In Internet Explorer click the download link, click on the Drop down arrow next to save then chose Save as.
Chose your Desktop as the download location then click Save.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware