WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

IE10 browser & Outlook.com erratic [Solved]

Started by kangaroo , Jan 19 2014 11:13 PM

This topic is locked

35 replies to this topic

#1 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 19 January 2014 - 11:13 PM

An elderly friend asked me to help when she couldn't browse.

Her system is Dell Inspiron 1545 with Windows 7 Home Premium 64-bit and Internet Explorer 10.

She uses Outlook.com (ported from Hotmail) for email and has this set as her home page in IE10.

When she opened IE, her Inbox at Outlook.com loaded but she couldn't browse to any other site. If she clicked on the New Tab stub, a new tab opened but loaded her Outlook.com Inbox. If she entered search term/s in her Google Toolbar search box, nothing happened; the page just displayed the Outlook.com Inbox. The same result came from typing a URL into the address box.

She runs Avast Internet Security. When I visited on 6 January, she had a warning that Avast needed to be renewed. We clicked the Renew Now button and made the payment and received a transaction number; however, we could not go to the Avast website.

I then set a full Avast scan running and asked her to let me know the result. No threats were found. A few days later her son visited and he installed and ran Malwarebytes and found a number of threats which he deleted.

When she returned from a trip away, I asked if she could now browse but she said that she couldn't open any emails. I went to her place and collected the PC to work on. I found that IE does now load other websites, either from links; from Google searches (which now work) or by entering a URL in the address box.

I then found the Avast message acknowledging her renewal and attaching a licence renewal file. When this was saved to the desktop and opened it gave an error that it was unable to load. I've sent a message to Avast Tech Support noting that the renewal was made on 6 January and that the licence renewal file couldn't be accessed until 20 January when it wouldn't load.

I then found that her problem of not being able to open emails was because the Reading Pane was set to Off. I had to access her account settings to reset this to Right and could then read the messages. I can also now send and receive emails in Outlook.com.

However, when I click on the New Tab stub in IE, it opens a new tab but loads Outlook.com Inbox (as though it is going to the home page).

Now loading web pages can be very slow or quite quick; even with the same site. And sometimes Outlook.com simply doesn't respond showing the wait donut beside the mouse pointer indefinitely.

I have run the OTL tool (run as administrator) as requested and the logs follow.

The Extras.Txt log is:

OTL Extras logfile created on: 1/20/2014 9:30:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heather\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 70.03% Memory free
7.99 Gb Paging File | 6.54 Gb Available in Paging File | 81.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 393.90 Gb Free Space | 87.33% Space Free | Partition Type: NTFS

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002960A2-FED6-45D0-A9B8-E3365C65B1A5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{02832166-069A-4FB1-BD6A-EA61390BBDBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19B09EA4-C3A7-433E-9D5D-E5630B6949AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A962D08-7E6D-414C-B16C-46CB52BEDEAB}" = rport=137 | protocol=17 | dir=out | app=system |
"{22F1912F-0E84-4A47-BE41-3A607653CC39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{234DDD02-19DA-47BA-A472-7B8110182D27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F7EBC34-2C0D-4EBA-BC5A-B059CE44DBB3}" = rport=138 | protocol=17 | dir=out | app=system |
"{44FA4814-6FE9-4708-B288-2636349E9B77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45AFB83F-DE44-4FE5-9DEB-A90506BC3AC6}" = lport=137 | protocol=17 | dir=in | app=system |
"{493E9386-6219-43DE-B23A-5BE10327D126}" = rport=445 | protocol=6 | dir=out | app=system |
"{5583F738-42AD-4643-A976-5BFB90AA6EE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{5967CCE9-56B7-45CB-8940-0DF72C59F665}" = lport=139 | protocol=6 | dir=in | app=system |
"{6FC720B4-1738-4A9C-9DD5-E080D1F35B6F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{82064AD5-85AE-4D2B-B3D9-F6FAB356B9EE}" = rport=139 | protocol=6 | dir=out | app=system |
"{86E0007A-2DCB-4EE0-ADAF-B954943F9865}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{933A70B7-4BA5-4F8C-A602-1481BD9A9B21}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97CBC317-7091-44BF-9092-09CD27A15DB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C204C8D-9976-408D-8137-16847CA1E7C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{9DBA4F77-10A6-4664-B584-2DC2A389A899}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E665AE2-07F3-46F8-A82C-95F9FCA82E35}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AD9D82FC-0243-4D58-A61A-95610C2DFD5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DBA1712D-5336-4F78-ADA8-1BC33E73A0A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E734192E-1E0D-4895-97F1-4DF504FE5A4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7C7CCC1-17FC-4E55-92B5-E3A4AFE8760E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC4A262E-31A8-4A4C-BFB5-25586EA9B04A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC5623B8-43FA-492B-89F8-E7D326EA81C1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FD91D95E-9488-473A-AB7D-E513B2A94030}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078F8482-5BF5-4532-810C-8B8EB0176DC4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D6DAE81-F19D-4C08-B761-BC12980079F4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0E68CB5D-2017-47DA-BBAB-863A24EFEE9D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{16862941-125E-4665-A1E7-44F11B605AD8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{1F74FFC0-E56D-43E2-BF2B-CA8F1F3AF605}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{236220E7-9EE3-4BB2-8730-B8572BA096D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31092D4A-9475-45A2-B52F-21FB9BA51103}" = protocol=58 | dir=in | app=system |
"{35984CFE-D099-4C97-8E49-A1AA9C238D7B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{3DA4A959-16D6-4966-A4B5-70EF966FB1E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45D8B61E-0FCC-43A9-A0D0-F6C2E39B3227}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{487F8B30-2AE8-43DA-812B-8C62BA12E475}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4967F6AF-EEE0-45F1-8639-DCDCBCE074B8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4D3DE7E4-DC06-4955-8221-7808DB98F3DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5449F8DD-5F45-46BB-8BCC-C98B05D882B2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{54585C52-268E-41AF-BD36-270044078028}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{5691A1D2-B65B-48DE-A191-B9E7214AA35A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{57AB3033-57CE-4F74-ACC8-82C0192C7A09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B09CC31-D91C-445D-90AB-361573A85F53}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5DCD8660-4626-4F29-89B1-11289478A2A6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{62D35A31-AABB-4A03-AA6D-42CD1467FFC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7A82192F-82E7-4FE0-869D-D93F0ED709BF}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{7B4EF675-1DDF-4084-A674-79618F10098E}" = protocol=6 | dir=out | app=system |
"{7D527635-F1F6-465E-BEB9-3CC072A47B5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{806D2530-A901-4606-BD1D-D8957D509F38}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{8B624156-DF3E-4555-B902-9BFDAE457804}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8F24DA87-D007-4212-B6AB-2A45764FB1B5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{941A846E-0862-4713-BF6A-0779144F703F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C76F4E6-4A66-476B-97CC-D25C938E634D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4672303-6E9C-478E-A931-63806B5074D2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE73E22C-8DCA-4E33-AE68-BE956EEFC89D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C60B4CB7-5E43-4669-971D-D30EEED46E83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C61F7EBE-EE10-4D42-B441-16DBD9CE00B3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{D3B0A7ED-92EB-4DAB-AC93-96C91B4BCDD8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{D40E6D08-B84B-408D-8631-F1DB65952707}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{EBA8933E-BE49-4D29-B23A-E0F4E3BE5273}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{EE98698F-28B1-46A4-87A2-BEA9D2032D9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFA6D3E1-ABF5-467A-8E6F-EDE2817204D0}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{FA8308B5-2BE2-4CAC-A18A-7D1A8F62EF47}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{FF024AED-6953-4520-A9F7-8C57F292A8B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22CADDC7-6ADD-439C-B313-8D53DC8D86ED}" = Eureka's Jigsaw Mania
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}" = SpeedMaxPc
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Internet Security
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Virgin Mobile" = Virgin Mobile
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2014 1:27:47 AM | Computer Name = Heather-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.61, time
stamp: 0x4aaa8b1e Faulting module name: STString.dll, version: 1.1.0.5, time stamp:
0x47e11d41 Exception code: 0xc0000005 Fault offset: 0x0000abcc Faulting process id:
0xc0c Faulting application start time: 0x01cf10adbfb42e49 Faulting application path:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Program Files (x86)\Dell DataSafe Local Backup\STString.dll Report
Id: 99758599-7cdc-11e3-849a-0025647abf95

Error - 1/14/2014 1:27:55 AM | Computer Name = Heather-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.61, time
stamp: 0x4aaa8b1e Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521ea8e7 Exception code: 0xc0150010 Fault offset: 0x0008482b Faulting process
id: 0xc0c Faulting application start time: 0x01cf10adbfb42e49 Faulting application
path: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 9ebb033c-7cdc-11e3-849a-0025647abf95

Error - 1/14/2014 6:20:35 PM | Computer Name = Heather-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/14/2014 8:55:32 PM | Computer Name = Heather-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.61, time
stamp: 0x4aaa8b1e Faulting module name: STString.dll, version: 1.1.0.5, time stamp:
0x47e11d41 Exception code: 0xc0000005 Fault offset: 0x0000abcc Faulting process id:
0xd44 Faulting application start time: 0x01cf11714ee4c209 Faulting application path:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Program Files (x86)\Dell DataSafe Local Backup\STString.dll Report
Id: bb8578c1-7d7f-11e3-84f1-0025647abf95

Error - 1/14/2014 8:55:32 PM | Computer Name = Heather-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.61, time
stamp: 0x4aaa8b1e Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521ea8e7 Exception code: 0xc0150010 Fault offset: 0x0008482b Faulting process
id: 0xd44 Faulting application start time: 0x01cf11714ee4c209 Faulting application
path: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bbc8ea73-7d7f-11e3-84f1-0025647abf95

Error - 1/16/2014 5:45:02 PM | Computer Name = Heather-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/16/2014 9:01:17 PM | Computer Name = Heather-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.61, time
stamp: 0x4aaa8b1e Faulting module name: STString.dll, version: 1.1.0.5, time stamp:
0x47e11d41 Exception code: 0xc0000005 Fault offset: 0x0000abcc Faulting process id:
0xce4 Faulting application start time: 0x01cf126a3efab8c4 Faulting application path:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Program Files (x86)\Dell DataSafe Local Backup\STString.dll Report
Id: dde2ec04-7f12-11e3-8444-0025647abf95

Error - 1/16/2014 9:01:23 PM | Computer Name = Heather-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STService.exe, version: 1.0.0.61, time
stamp: 0x4aaa8b1e Faulting module name: ntdll.dll, version: 6.1.7601.18247, time
stamp: 0x521ea8e7 Exception code: 0xc0150010 Fault offset: 0x0008482b Faulting process
id: 0xce4 Faulting application start time: 0x01cf126a3efab8c4 Faulting application
path: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: e1ce0a97-7f12-11e3-8444-0025647abf95

Error - 1/16/2014 9:19:32 PM | Computer Name = Heather-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

Error - 11/20/2013 8:01:53 PM | Computer Name = Heather-PC | Source = WLAN-Tray | ID = 0
Description = 11:01:52, Thu, Nov 21, 13 Error - Unable to gain access to user store

[ Media Center Events ]
Error - 2/6/2013 6:14:16 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 9:14:16 AM - Error connecting to the internet. 9:14:16 AM -     Unable
to contact server..

Error - 2/6/2013 6:14:25 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 9:14:21 AM - Error connecting to the internet. 9:14:21 AM -     Unable
to contact server..

Error - 2/10/2013 2:17:37 AM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 5:17:37 PM - Error connecting to the internet. 5:17:37 PM -     Unable
to contact server..

Error - 2/10/2013 2:17:46 AM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 5:17:43 PM - Error connecting to the internet. 5:17:43 PM -     Unable
to contact server..

Error - 2/11/2013 4:49:39 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 7:49:35 AM - Error connecting to the internet. 7:49:35 AM -     Unable
to contact server..

Error - 2/12/2013 7:50:33 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 10:50:33 AM - Error connecting to the internet. 10:50:33 AM -     Unable
to contact server..

Error - 2/12/2013 7:50:42 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 10:50:38 AM - Error connecting to the internet. 10:50:38 AM -     Unable
to contact server..

Error - 2/19/2013 5:56:42 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 8:56:42 AM - Error connecting to the internet. 8:56:42 AM -     Unable
to contact server..

Error - 2/19/2013 5:56:53 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 8:56:47 AM - Error connecting to the internet. 8:56:47 AM -     Unable
to contact server..

Error - 2/22/2013 5:56:16 PM | Computer Name = Heather-PC | Source = MCUpdate | ID = 0
Description = 8:56:12 AM - Error connecting to the internet. 8:56:12 AM -     Unable
to contact server..

[ System Events ]
Error - 1/12/2014 4:06:27 PM | Computer Name = Heather-PC | Source = DCOM | ID = 10010
Description =

Error - 1/14/2014 1:27:39 AM | Computer Name = Heather-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 1/15/2014 8:04:02 PM | Computer Name = Heather-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 1/15/2014 8:04:02 PM | Computer Name = Heather-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 1/15/2014 9:03:56 PM | Computer Name = Heather-PC | Source = DCOM | ID = 10010
Description =

Error - 1/15/2014 9:47:53 PM | Computer Name = Heather-PC | Source = DCOM | ID = 10010
Description =

Error - 1/15/2014 9:49:49 PM | Computer Name = Heather-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:47:57 PM on ?16/?01/?2014 was unexpected.

Error - 1/15/2014 9:50:22 PM | Computer Name = Heather-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 1/15/2014 9:50:22 PM | Computer Name = Heather-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 1/15/2014 9:50:38 PM | Computer Name = Heather-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

< End of report >

The OTL.TXT log is posted in a reply to shorten this message.

Advertisements

Register to Remove

#2 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 19 January 2014 - 11:14 PM

And here is the OTL.TXT log:

OTL logfile created on: 1/20/2014 9:30:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heather\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 70.03% Memory free
7.99 Gb Paging File | 6.54 Gb Available in Paging File | 81.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 393.90 Gb Free Space | 87.33% Space Free | Partition Type: NTFS

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Heather\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe (Dell Inc.)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MonitorFunction) -- C:\Windows\SysNative\drivers\TVMonitor.sys (TeamViewer GmbH)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CryptOSD) -- C:\Windows\SysNative\drivers\CryptOSD.sys (Phoenix Technologies)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Packet) -- C:\Windows\SysNative\drivers\packet.sys (SingleClick Systems)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...osoft:{language}:

{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CB3DF9EE-FAA7-4C43-A1E5-A66DA0373B9F}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...referrer:source?}

&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...ch/GGmain.jhtml?

p2=^YK^xdm014^LENAU^au&si=COGT1tKm3LACFU-HpAodADzV1g&ptb=3F273637-E459-4A90-A07C-A6333BCF293A&psa=&ind=2012062003&st=sb&n=77eda133&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{F9CE3CC5-4B23-4E0E-96A6-C27341BE6028}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://col125.mail....64855&rru=inbox
IE - HKCU\..\SearchScopes,DefaultScope = {6E832048-EB4E-4283-B3C0-C63805383F70}
IE - HKCU\..\SearchScopes\{1EBBCC36-FC92-46E4-A598-F9BFAA11F35B}: "URL" = http://www.google.co...referrer:source?}

&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6E832048-EB4E-4283-B3C0-C63805383F70}: "URL" = http://www.google.co...osoft:{language}:

{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...ch/GGmain.jhtml?

p2=^YK^xdm014^LENAU^au&si=COGT1tKm3LACFU-HpAodADzV1g&ptb=3F273637-E459-4A90-A07C-A6333BCF293A&psa=&ind=2012062003&st=sb&n=77eda133&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft

Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}

{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}

{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&

{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\
CHR - Extension: Skype Click to Call = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/07/22 13:45:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google

Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype

Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

(Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST

Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST

Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype

Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A155CB74-E386-471E-AB6C-3425506114CD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD6C2499-BF14-49E4-8F14-0770F1A97EF5}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype

Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/20 09:28:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2014/01/16 10:45:14 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/16 10:45:13 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/16 10:40:20 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/13 07:14:38 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/10 19:09:07 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/01/10 19:09:07 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/01/10 19:09:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/01/10 19:09:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/01/10 19:09:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/01/10 19:09:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014/01/10 19:09:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014/01/10 19:09:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/01/10 19:09:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/01/10 19:09:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/01/10 19:09:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/01/10 19:09:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/01/10 19:09:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/01/10 19:09:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/01/10 19:09:00 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/01/09 18:18:32 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Macrovision
[2014/01/07 14:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Mobile
[2014/01/07 14:26:44 | 000,216,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2014/01/07 14:26:44 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2014/01/07 14:26:44 | 000,114,560 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2014/01/07 14:26:44 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2014/01/07 14:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virgin Mobile
[2010/02/08 09:36:11 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Heather\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2014/01/20 09:30:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 09:30:02 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/20 09:30:02 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/20 09:30:02 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/20 09:29:14 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 09:29:14 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 09:21:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/20 09:21:45 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/01/20 09:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/20 09:21:25 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/19 16:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2014/01/18 11:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/18 10:52:56 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2014/01/17 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2014/01/16 11:03:31 | 000,310,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/13 19:14:45 | 000,439,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys
[2014/01/13 07:15:35 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/01/13 07:15:35 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/01/13 07:15:07 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/13 07:14:36 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/13 07:14:36 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/13 07:14:36 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/13 07:14:36 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/13 07:14:36 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/13 07:14:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/12 20:11:19 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2014/01/09 18:21:03 | 000,001,091 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/01/09 18:21:03 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 16:06:50 | 000,002,262 | ---- | M] () -- C:\Users\Heather\Desktop\HP Deskjet 3050 J610 series.lnk
[2014/01/07 14:26:47 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Mobile.lnk

========== Files Created - No Company Name ==========

[2014/01/09 18:21:03 | 000,001,091 | ---- | C] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2014/01/09 18:21:03 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/07 16:06:50 | 000,002,262 | ---- | C] () -- C:\Users\Heather\Desktop\HP Deskjet 3050 J610 series.lnk
[2014/01/07 14:26:47 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Mobile.lnk
[2014/01/07 10:29:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2010/05/21 12:26:48 | 002,313,728 | ---- | C] () -- C:\Users\Heather\la_vie.pps
[2010/02/08 17:02:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 13:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/11 16:37:17 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\.minecraft
[2013/11/20 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\AVAST Software
[2013/10/06 18:13:24 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\DriverCure
[2013/07/09 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Oracle
[2013/10/06 18:13:24 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\SpeedMaxPc
[2013/06/10 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\TeamViewer
[2013/06/07 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Upidbu
[2012/06/17 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2009/07/14 13:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-

s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/11 07:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-

grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/26 17:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 16:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 12:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 16:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 16:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 17:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 17:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 17:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 17:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 16:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/21 00:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 17:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 16:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 12:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 17:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 17:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2013/06/07 19:29:58 | 000,051,928 | ---- | M] () MD5=E887F98CD5B28446E6D51A88336F68C8 -- C:\Windows\temp\bd7c6fad-1d4a-49f0-a528-9b235b554cd9\explorer.exe
[2009/08/03 17:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 13:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 13:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-

explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 13:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 13:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-

explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: IEXPLORE.EXE >
[2012/06/02 22:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe
[2013/01/09 12:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2012/05/18 10:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[2013/05/17 13:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
[2012/11/14 13:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[2012/06/29 16:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2013/07/26 17:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
[2010/09/08 15:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2013/08/10 17:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
[2012/08/24 18:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2013/02/22 18:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe
[2012/05/18 09:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[2012/10/08 19:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2011/04/23 07:15:52 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=281C23EC5BCB1853A5D571F1A6E52FB1 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_101e7c5957724e1d\iexplore.exe
[2013/04/30 12:41:06 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_20e4a040529a2792\iexplore.exe
[2013/02/25 11:58:09 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=28F93BAFB3EB407E99A7ED3D9DBDE04C -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_ffb93ba237e760ce\iexplore.exe
[2013/06/12 15:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[2009/07/14 12:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/08/24 22:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2013/04/05 16:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_0a122b746c443b42\iexplore.exe
[2013/06/12 11:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[2013/02/22 15:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe
[2012/06/02 20:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[2013/08/10 17:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/08/10 15:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013/05/17 12:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
[2013/10/13 08:42:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=39D0074C59F6D1A62731942C7FA8B60B -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_167ae4781e4936f5\iexplore.exe
[2013/10/12 20:49:48 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=3C8C00380462B1023C9F8EA2A9A7A137 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_ffa340aa37f7ff34\iexplore.exe
[2013/02/22 15:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe
[2010/09/08 16:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2013/08/10 16:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[2012/10/08 23:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2010/09/08 16:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2012/05/18 13:51:05 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe
[2010/11/04 16:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[2012/08/24 21:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012/06/29 13:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2012/06/02 23:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
[2010/09/08 15:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2012/08/24 18:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2011/04/23 06:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[2013/02/21 23:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_16920d4a1e377ea4\iexplore.exe
[2013/04/30 12:41:06 | 000,775,184 | ---- | M] (Microsoft Corporation) MD5=681B380492ACB571ED6CCC1F37F53343 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_168ff5ee1e396597\iexplore.exe
[2013/01/09 09:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2010/11/04 16:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[2010/12/18 17:17:48 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=700B40EA39DFB25517A81032F03D6D20 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe
[2013/07/26 14:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[2013/02/02 19:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe
[2010/11/21 00:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/10/25 15:45:28 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8AA8CFAF04E518C81E0C515585CD6AE4 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20861_none_ffa5e0b637f57e7b\iexplore.exe
[2010/12/18 17:11:10 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=8C6C32E4AF8A3D7155656F5897C504E0 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe
[2013/07/26 16:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
[2013/10/25 18:41:14 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8E6225096C44271A88FD201C7188BDFC -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/10/25 18:41:14 | 000,775,344 | ---- | M] (Microsoft Corporation) MD5=8E6225096C44271A88FD201C7188BDFC -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_167d6dbc1e46cfdd\iexplore.exe
[2013/05/17 14:02:08 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8F00471CA24ADF8D2AFAACF856EB70A4 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_ffaaf8f037f2b0df\iexplore.exe
[2011/07/04 10:17:10 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2011/07/04 10:17:10 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2010/12/18 16:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[2012/06/29 12:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2013/06/12 13:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
[2013/10/12 18:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
[2013/10/25 16:22:15 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/10/25 16:22:15 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9ED469260687108F5F8FD544D56ABC54 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16750_none_20d2180e52a791d8\iexplore.exe
[2013/02/25 10:52:40 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=A11C5E3E288256C540B7ED8BE3A04B01 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_0a0de5f46c4822c9\iexplore.exe
[2013/02/02 15:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[2013/10/25 12:16:38 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=A8130AEDCC06FBDEBEC8E34732C01A16 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20861_none_09fa8b086c564076\iexplore.exe
[2013/02/02 18:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2010/12/18 16:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[2013/04/05 17:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[2011/02/24 16:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2012/11/16 14:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013/02/22 18:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2011/02/24 17:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2012/06/02 19:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[2010/11/20 23:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/02/24 16:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2013/06/12 18:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2013/04/05 18:53:33 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
[2012/10/08 19:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013/09/23 10:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2011/04/23 07:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe
[2013/10/12 18:44:13 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[2010/11/04 17:37:41 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2013/09/23 11:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/02/02 15:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2013/04/05 18:23:03 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=DE751E18F8DBF7BCCE46989CBA4A9828 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_ffbd812237e37947\iexplore.exe
[2011/02/24 17:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2010/11/04 17:42:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2013/02/21 22:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
[2013/07/26 16:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013/09/23 12:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2012/06/29 10:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2013/05/17 14:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe
[2013/01/09 11:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013/01/09 08:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2011/07/04 10:17:10 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/14 12:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 22:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/11/14 13:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2013/09/23 12:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2012/05/18 12:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe
[2011/04/23 06:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\wow64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[2012/11/14 18:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-

i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe

< MD5 for: IEXPLORE.EXE.1028.HTML >
[2013/04/04 04:51:10 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1028.html

< MD5 for: IEXPLORE.EXE.1048.HTML >
[2013/05/07 09:55:49 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1048.html

< MD5 for: IEXPLORE.EXE.1076.HTML >
[2013/08/05 19:42:46 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1076.html

< MD5 for: IEXPLORE.EXE.1104.HTML >
[2013/05/13 16:54:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1104.html

< MD5 for: IEXPLORE.EXE.1112.HTML >
[2013/05/18 06:02:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1112.html

< MD5 for: IEXPLORE.EXE.1128.HTML >
[2013/04/02 13:39:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1128.html

< MD5 for: IEXPLORE.EXE.1156.HTML >
[2013/03/13 09:02:24 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1156.html

< MD5 for: IEXPLORE.EXE.1180.HTML >
[2013/06/05 19:46:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1180.html

< MD5 for: IEXPLORE.EXE.1196.HTML >
[2013/03/22 10:37:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1196.html

< MD5 for: IEXPLORE.EXE.1220.HTML >
[2013/05/10 11:57:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1220.html

< MD5 for: IEXPLORE.EXE.1224.HTML >
[2013/08/05 14:28:00 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1224.html

< MD5 for: IEXPLORE.EXE.1236.HTML >
[2013/05/24 10:10:49 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1236.html

< MD5 for: IEXPLORE.EXE.1244.HTML >
[2013/04/23 10:30:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1244.html

< MD5 for: IEXPLORE.EXE.1284.HTML >
[2013/08/04 19:48:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1284.html

< MD5 for: IEXPLORE.EXE.1304.HTML >
[2013/05/19 17:53:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1304.html

< MD5 for: IEXPLORE.EXE.1316.HTML >
[2013/03/27 09:30:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1316.html

< MD5 for: IEXPLORE.EXE.1352.HTML >
[2013/04/27 14:49:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1352.html

< MD5 for: IEXPLORE.EXE.1356.HTML >
[2013/08/28 22:05:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1356.html

< MD5 for: IEXPLORE.EXE.1400.HTML >
[2013/05/04 10:17:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1400.html

< MD5 for: IEXPLORE.EXE.1424.HTML >
[2013/04/11 11:15:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1424.html

< MD5 for: IEXPLORE.EXE.148.HTML >
[2013/07/22 17:03:09 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.148.html

< MD5 for: IEXPLORE.EXE.1516.HTML >
[2013/07/10 16:18:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1516.html

< MD5 for: IEXPLORE.EXE.1520.HTML >
[2013/03/04 13:08:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1520.html

< MD5 for: IEXPLORE.EXE.1580.HTML >
[2013/04/28 15:26:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1580.html

< MD5 for: IEXPLORE.EXE.1592.HTML >
[2013/07/09 19:04:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1592.html

< MD5 for: IEXPLORE.EXE.1616.HTML >
[2013/05/11 11:43:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1616.html

< MD5 for: IEXPLORE.EXE.1624.HTML >
[2013/05/20 18:26:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1624.html

< MD5 for: IEXPLORE.EXE.1640.HTML >
[2013/04/09 10:07:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1640.html

< MD5 for: IEXPLORE.EXE.1652.HTML >
[2013/08/05 14:28:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1652.html

< MD5 for: IEXPLORE.EXE.1676.HTML >
[2013/08/18 19:48:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1676.html

< MD5 for: IEXPLORE.EXE.168.HTML >
[2013/05/10 22:31:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.168.html

< MD5 for: IEXPLORE.EXE.1784.HTML >
[2013/08/22 11:39:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1784.html

< MD5 for: IEXPLORE.EXE.1812.HTML >
[2013/04/21 10:15:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.1812.html

< MD5 for: IEXPLORE.EXE.1856.HTML >
[2013/06/06 20:54:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1856.html

< MD5 for: IEXPLORE.EXE.1880.HTML >
[2013/07/28 19:00:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1880.html

< MD5 for: IEXPLORE.EXE.1916.HTML >
[2013/05/22 11:41:03 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1916.html

< MD5 for: IEXPLORE.EXE.1980.HTML >
[2013/05/22 21:25:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.1980.html

< MD5 for: IEXPLORE.EXE.2008.HTML >
[2013/08/11 09:19:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2008.html

< MD5 for: IEXPLORE.EXE.2028.HTML >
[2013/04/15 18:10:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2028.html

< MD5 for: IEXPLORE.EXE.2144.HTML >
[2013/04/25 16:09:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2144.html

< MD5 for: IEXPLORE.EXE.2160.HTML >
[2013/04/03 10:07:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2160.html

< MD5 for: IEXPLORE.EXE.2164.HTML >
[2013/07/18 18:50:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2164.html

< MD5 for: IEXPLORE.EXE.2168.HTML >
[2013/08/13 10:15:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2168.html

< MD5 for: IEXPLORE.EXE.2184.HTML >
[2013/07/25 10:39:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2184.html

< MD5 for: IEXPLORE.EXE.2208.HTML >
[2013/03/25 09:42:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2208.html

< MD5 for: IEXPLORE.EXE.2232.HTML >
[2013/08/03 19:35:08 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2232.html

< MD5 for: IEXPLORE.EXE.2288.HTML >
[2013/04/04 19:03:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2288.html

< MD5 for: IEXPLORE.EXE.2312.HTML >
[2013/03/04 04:42:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2312.html

< MD5 for: IEXPLORE.EXE.2324.HTML >
[2013/07/31 10:44:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2324.html

< MD5 for: IEXPLORE.EXE.2372.HTML >
[2013/04/08 08:11:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2372.html

< MD5 for: IEXPLORE.EXE.2380.HTML >
[2013/05/05 14:19:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2380.html

< MD5 for: IEXPLORE.EXE.2392.HTML >
[2013/05/04 16:42:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2392.html

< MD5 for: IEXPLORE.EXE.2396.HTML >
[2013/03/22 09:43:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2396.html

< MD5 for: IEXPLORE.EXE.2400.HTML >
[2013/05/24 16:25:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2400.html

< MD5 for: IEXPLORE.EXE.2408.HTML >
[2013/07/27 20:35:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2408.html

< MD5 for: IEXPLORE.EXE.2416.HTML >
[2013/05/16 21:16:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2416.html

< MD5 for: IEXPLORE.EXE.2420.HTML >
[2013/04/25 20:10:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2420.html

< MD5 for: IEXPLORE.EXE.2440.HTML >
[2013/07/25 19:10:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2440.html

< MD5 for: IEXPLORE.EXE.2448.HTML >
[2013/05/02 18:51:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2448.html

< MD5 for: IEXPLORE.EXE.2460.HTML >
[2013/03/16 18:03:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2460.html

< MD5 for: IEXPLORE.EXE.2472.HTML >
[2013/03/21 09:30:56 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2472.html

< MD5 for: IEXPLORE.EXE.2492.HTML >
[2013/07/14 17:16:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2492.html

< MD5 for: IEXPLORE.EXE.2500.HTML >
[2013/03/21 09:30:56 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2500.html

< MD5 for: IEXPLORE.EXE.2548.HTML >
[2013/08/07 13:03:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2548.html

< MD5 for: IEXPLORE.EXE.256.HTML >
[2013/05/13 16:44:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.256.html

< MD5 for: IEXPLORE.EXE.2568.HTML >
[2013/03/06 15:19:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2568.html

< MD5 for: IEXPLORE.EXE.2580.HTML >
[2013/08/06 15:51:56 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2580.html

< MD5 for: IEXPLORE.EXE.2596.HTML >
[2013/04/07 16:26:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2596.html

< MD5 for: IEXPLORE.EXE.2600.HTML >
[2013/04/30 20:10:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2600.html

< MD5 for: IEXPLORE.EXE.2640.HTML >
[2013/06/05 19:57:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2640.html

< MD5 for: IEXPLORE.EXE.2680.HTML >
[2013/03/29 15:44:24 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2680.html

< MD5 for: IEXPLORE.EXE.2688.HTML >
[2013/04/21 10:15:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2688.html

< MD5 for: IEXPLORE.EXE.2692.HTML >
[2013/04/27 17:46:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2692.html

< MD5 for: IEXPLORE.EXE.2700.HTML >
[2013/03/16 04:09:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2700.html

< MD5 for: IEXPLORE.EXE.2712.HTML >
[2013/05/12 18:40:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2712.html

< MD5 for: IEXPLORE.EXE.2736.HTML >
[2013/08/07 18:05:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2736.html

< MD5 for: IEXPLORE.EXE.2748.HTML >
[2013/03/12 11:40:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2748.html

< MD5 for: IEXPLORE.EXE.2756.HTML >
[2013/08/27 10:06:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2756.html

< MD5 for: IEXPLORE.EXE.2800.HTML >
[2013/05/20 15:36:50 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2800.html

< MD5 for: IEXPLORE.EXE.2808.HTML >
[2013/05/19 18:16:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2808.html

< MD5 for: IEXPLORE.EXE.2812.HTML >
[2013/06/10 18:10:53 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2812.html

< MD5 for: IEXPLORE.EXE.2824.HTML >
[2013/08/23 10:00:53 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2824.html

< MD5 for: IEXPLORE.EXE.2848.HTML >
[2013/08/09 12:44:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2848.html

< MD5 for: IEXPLORE.EXE.2856.HTML >
[2013/07/23 19:18:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2856.html

< MD5 for: IEXPLORE.EXE.2868.HTML >
[2013/04/08 08:54:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2868.html

< MD5 for: IEXPLORE.EXE.2884.HTML >
[2013/04/29 18:23:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2884.html

< MD5 for: IEXPLORE.EXE.2888.HTML >
[2013/06/06 10:40:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2888.html

< MD5 for: IEXPLORE.EXE.2892.HTML >
[2013/05/05 19:09:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2892.html

< MD5 for: IEXPLORE.EXE.2900.HTML >
[2013/07/31 19:36:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2900.html

< MD5 for: IEXPLORE.EXE.2904.HTML >
[2013/06/02 11:48:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2904.html

< MD5 for: IEXPLORE.EXE.2916.HTML >
[2013/03/22 09:28:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2916.html

< MD5 for: IEXPLORE.EXE.2928.HTML >
[2013/05/13 16:26:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2928.html

< MD5 for: IEXPLORE.EXE.2932.HTML >
[2013/04/19 12:58:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2932.html

< MD5 for: IEXPLORE.EXE.2952.HTML >
[2013/08/04 10:30:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2952.html

< MD5 for: IEXPLORE.EXE.2956.HTML >
[2013/04/05 12:30:35 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.2956.html

< MD5 for: IEXPLORE.EXE.2964.HTML >
[2013/08/14 09:13:48 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2964.html

< MD5 for: IEXPLORE.EXE.2968.HTML >
[2013/05/16 16:40:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.2968.html

< MD5 for: IEXPLORE.EXE.3020.HTML >
[2013/05/12 19:56:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3020.html

< MD5 for: IEXPLORE.EXE.3024.HTML >
[2013/07/30 09:38:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3024.html

< MD5 for: IEXPLORE.EXE.3032.HTML >
[2013/05/29 20:50:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3032.html

< MD5 for: IEXPLORE.EXE.3064.HTML >
[2013/08/08 17:11:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3064.html

< MD5 for: IEXPLORE.EXE.3088.HTML >
[2013/04/21 10:14:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3088.html

< MD5 for: IEXPLORE.EXE.3092.HTML >
[2013/04/01 15:07:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3092.html

< MD5 for: IEXPLORE.EXE.3100.HTML >
[2013/03/13 08:55:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3100.html

< MD5 for: IEXPLORE.EXE.3112.HTML >
[2013/05/16 12:58:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3112.html

< MD5 for: IEXPLORE.EXE.3116.HTML >
[2013/05/13 16:44:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3116.html

< MD5 for: IEXPLORE.EXE.3156.HTML >
[2013/07/19 15:08:13 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3156.html

< MD5 for: IEXPLORE.EXE.3160.HTML >
[2013/05/09 14:17:46 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3160.html

< MD5 for: IEXPLORE.EXE.3184.HTML >
[2013/04/08 08:11:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3184.html

< MD5 for: IEXPLORE.EXE.3188.HTML >
[2013/08/12 21:45:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3188.html

< MD5 for: IEXPLORE.EXE.3196.HTML >
[2013/08/22 19:38:49 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3196.html

< MD5 for: IEXPLORE.EXE.3232.HTML >
[2013/07/12 11:28:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3232.html

< MD5 for: IEXPLORE.EXE.3280.HTML >
[2013/05/27 22:28:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3280.html

< MD5 for: IEXPLORE.EXE.3284.HTML >
[2013/06/06 20:54:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3284.html

< MD5 for: IEXPLORE.EXE.3288.HTML >
[2013/03/09 13:43:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3288.html

< MD5 for: IEXPLORE.EXE.3312.HTML >
[2013/05/30 14:58:53 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3312.html

< MD5 for: IEXPLORE.EXE.3324.HTML >
[2013/03/07 12:50:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3324.html

< MD5 for: IEXPLORE.EXE.3340.HTML >
[2013/08/26 12:14:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3340.html

< MD5 for: IEXPLORE.EXE.3348.HTML >
[2013/03/18 11:30:43 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3348.html

< MD5 for: IEXPLORE.EXE.3352.HTML >
[2013/03/23 14:03:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3352.html

< MD5 for: IEXPLORE.EXE.3368.HTML >
[2013/03/06 15:15:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3368.html

< MD5 for: IEXPLORE.EXE.3376.HTML >
[2013/06/10 14:05:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3376.html

< MD5 for: IEXPLORE.EXE.3400.HTML >
[2013/05/24 19:23:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3400.html

< MD5 for: IEXPLORE.EXE.3404.HTML >
[2013/03/07 12:50:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3404.html

< MD5 for: IEXPLORE.EXE.3412.HTML >
[2013/05/16 21:16:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3412.html

< MD5 for: IEXPLORE.EXE.3416.HTML >
[2013/08/08 18:49:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3416.html

< MD5 for: IEXPLORE.EXE.3436.HTML >
[2013/05/23 23:39:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3436.html

< MD5 for: IEXPLORE.EXE.3456.HTML >
[2013/08/08 18:52:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3456.html

< MD5 for: IEXPLORE.EXE.3472.HTML >
[2013/05/13 22:03:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3472.html

< MD5 for: IEXPLORE.EXE.3484.HTML >
[2013/03/11 20:55:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3484.html

< MD5 for: IEXPLORE.EXE.3488.HTML >
[2013/08/10 10:42:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3488.html

< MD5 for: IEXPLORE.EXE.3496.HTML >
[2013/05/28 14:58:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3496.html

< MD5 for: IEXPLORE.EXE.3500.HTML >
[2013/07/25 16:40:53 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3500.html

< MD5 for: IEXPLORE.EXE.3520.HTML >
[2013/03/13 08:55:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3520.html

< MD5 for: IEXPLORE.EXE.3524.HTML >
[2013/04/13 09:36:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3524.html

< MD5 for: IEXPLORE.EXE.3548.HTML >
[2013/05/14 18:55:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3548.html

< MD5 for: IEXPLORE.EXE.3572.HTML >
[2013/04/02 15:01:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3572.html

< MD5 for: IEXPLORE.EXE.3584.HTML >
[2013/08/26 10:36:35 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3584.html

< MD5 for: IEXPLORE.EXE.3592.HTML >
[2013/04/08 08:54:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3592.html

< MD5 for: IEXPLORE.EXE.3596.HTML >
[2013/03/04 04:28:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3596.html

< MD5 for: IEXPLORE.EXE.3600.HTML >
[2013/03/16 04:50:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3600.html

< MD5 for: IEXPLORE.EXE.3616.HTML >
[2013/07/25 18:46:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3616.html

< MD5 for: IEXPLORE.EXE.3644.HTML >
[2013/05/07 14:04:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3644.html

< MD5 for: IEXPLORE.EXE.3648.HTML >
[2013/06/04 20:23:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3648.html

< MD5 for: IEXPLORE.EXE.3652.HTML >
[2013/03/18 11:18:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3652.html

< MD5 for: IEXPLORE.EXE.3660.HTML >
[2013/07/17 19:34:09 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3660.html

< MD5 for: IEXPLORE.EXE.3668.HTML >
[2013/07/09 17:55:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3668.html

< MD5 for: IEXPLORE.EXE.3676.HTML >
[2013/03/12 15:50:12 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3676.html

< MD5 for: IEXPLORE.EXE.3704.HTML >
[2013/04/14 10:24:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3704.html

< MD5 for: IEXPLORE.EXE.3736.HTML >
[2013/05/02 15:48:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3736.html

< MD5 for: IEXPLORE.EXE.376.HTML >
[2013/04/12 10:43:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.376.html

< MD5 for: IEXPLORE.EXE.3764.HTML >
[2013/05/27 09:54:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3764.html

< MD5 for: IEXPLORE.EXE.3812.HTML >
[2013/07/29 11:21:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3812.html

< MD5 for: IEXPLORE.EXE.3824.HTML >
[2013/05/23 17:13:18 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3824.html

< MD5 for: IEXPLORE.EXE.3844.HTML >
[2013/08/12 16:56:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3844.html

< MD5 for: IEXPLORE.EXE.3848.HTML >
[2013/05/22 11:41:03 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3848.html

< MD5 for: IEXPLORE.EXE.3856.HTML >
[2013/07/19 14:48:12 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3856.html

< MD5 for: IEXPLORE.EXE.3864.HTML >
[2013/03/17 08:55:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3864.html

< MD5 for: IEXPLORE.EXE.3868.HTML >
[2013/04/29 18:23:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3868.html

< MD5 for: IEXPLORE.EXE.3964.HTML >
[2013/05/10 16:05:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3964.html

< MD5 for: IEXPLORE.EXE.3988.HTML >
[2013/04/30 12:38:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.3988.html

< MD5 for: IEXPLORE.EXE.3992.HTML >
[2013/07/20 11:28:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3992.html

< MD5 for: IEXPLORE.EXE.3996.HTML >
[2013/06/10 10:03:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.3996.html

< MD5 for: IEXPLORE.EXE.4020.HTML >
[2013/06/04 20:23:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4020.html

< MD5 for: IEXPLORE.EXE.4028.HTML >
[2013/03/08 21:01:53 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4028.html

< MD5 for: IEXPLORE.EXE.4076.HTML >
[2013/08/25 20:10:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4076.html

< MD5 for: IEXPLORE.EXE.4104.HTML >
[2013/07/14 10:03:39 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4104.html

< MD5 for: IEXPLORE.EXE.4108.HTML >
[2013/05/12 20:14:49 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4108.html

< MD5 for: IEXPLORE.EXE.4124.HTML >
[2013/06/06 22:50:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4124.html

< MD5 for: IEXPLORE.EXE.4140.HTML >
[2013/05/20 15:21:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4140.html

< MD5 for: IEXPLORE.EXE.4160.HTML >
[2013/04/23 10:27:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4160.html

< MD5 for: IEXPLORE.EXE.4168.HTML >
[2013/05/01 10:08:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4168.html

< MD5 for: IEXPLORE.EXE.4176.HTML >
[2013/05/29 11:33:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4176.html

< MD5 for: IEXPLORE.EXE.4180.HTML >
[2013/05/20 15:24:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4180.html

< MD5 for: IEXPLORE.EXE.4184.HTML >
[2013/03/29 13:20:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4184.html

< MD5 for: IEXPLORE.EXE.4208.HTML >
[2013/07/09 20:22:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4208.html

< MD5 for: IEXPLORE.EXE.4216.HTML >
[2013/04/12 18:59:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4216.html

< MD5 for: IEXPLORE.EXE.4224.HTML >
[2013/07/10 17:56:37 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4224.html

< MD5 for: IEXPLORE.EXE.4256.HTML >
[2013/03/24 12:20:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4256.html

< MD5 for: IEXPLORE.EXE.4280.HTML >
[2013/05/17 09:42:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4280.html

< MD5 for: IEXPLORE.EXE.4320.HTML >
[2013/08/23 09:54:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4320.html

< MD5 for: IEXPLORE.EXE.4344.HTML >
[2013/05/18 17:57:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4344.html

< MD5 for: IEXPLORE.EXE.4348.HTML >
[2013/05/16 12:42:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4348.html

< MD5 for: IEXPLORE.EXE.4368.HTML >
[2013/03/21 10:14:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4368.html

< MD5 for: IEXPLORE.EXE.440.HTML >
[2013/03/18 11:24:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.440.html

< MD5 for: IEXPLORE.EXE.4408.HTML >
[2013/05/10 22:30:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4408.html

< MD5 for: IEXPLORE.EXE.4424.HTML >
[2013/07/21 18:22:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4424.html

< MD5 for: IEXPLORE.EXE.4436.HTML >
[2013/05/08 14:56:50 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4436.html

< MD5 for: IEXPLORE.EXE.4440.HTML >
[2013/07/28 11:01:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4440.html

< MD5 for: IEXPLORE.EXE.4448.HTML >
[2013/06/07 13:02:12 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4448.html

< MD5 for: IEXPLORE.EXE.4456.HTML >
[2013/04/09 10:04:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4456.html

< MD5 for: IEXPLORE.EXE.4460.HTML >
[2013/04/29 10:19:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4460.html

< MD5 for: IEXPLORE.EXE.4464.HTML >
[2013/07/12 18:29:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4464.html

< MD5 for: IEXPLORE.EXE.4480.HTML >
[2013/03/22 12:22:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4480.html

< MD5 for: IEXPLORE.EXE.4488.HTML >
[2013/07/23 12:26:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4488.html

< MD5 for: IEXPLORE.EXE.4500.HTML >
[2013/04/11 11:10:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4500.html

< MD5 for: IEXPLORE.EXE.4512.HTML >
[2013/05/12 18:45:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4512.html

< MD5 for: IEXPLORE.EXE.452.HTML >
[2013/04/26 18:50:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.452.html

< MD5 for: IEXPLORE.EXE.4532.HTML >
[2013/03/06 22:27:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4532.html

< MD5 for: IEXPLORE.EXE.4536.HTML >
[2013/03/21 09:37:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4536.html

< MD5 for: IEXPLORE.EXE.4560.HTML >
[2013/06/07 19:42:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4560.html

< MD5 for: IEXPLORE.EXE.4568.HTML >
[2013/04/29 10:50:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4568.html

< MD5 for: IEXPLORE.EXE.4576.HTML >
[2013/06/06 18:24:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4576.html

< MD5 for: IEXPLORE.EXE.4584.HTML >
[2013/06/12 13:02:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4584.html

< MD5 for: IEXPLORE.EXE.460.HTML >
[2013/05/12 20:24:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.460.html

< MD5 for: IEXPLORE.EXE.4632.HTML >
[2013/04/02 13:37:27 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4632.html

< MD5 for: IEXPLORE.EXE.4640.HTML >
[2013/05/18 10:41:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4640.html

< MD5 for: IEXPLORE.EXE.4652.HTML >
[2013/07/09 16:04:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4652.html

< MD5 for: IEXPLORE.EXE.4680.HTML >
[2013/05/14 18:42:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4680.html

< MD5 for: IEXPLORE.EXE.4688.HTML >
[2013/08/14 19:34:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4688.html

< MD5 for: IEXPLORE.EXE.4712.HTML >
[2013/06/09 10:48:36 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4712.html

< MD5 for: IEXPLORE.EXE.4716.HTML >
[2013/08/02 13:59:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4716.html

< MD5 for: IEXPLORE.EXE.4720.HTML >
[2013/05/08 14:15:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4720.html

< MD5 for: IEXPLORE.EXE.4740.HTML >
[2013/08/03 23:37:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4740.html

< MD5 for: IEXPLORE.EXE.4752.HTML >
[2013/06/05 11:27:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4752.html

< MD5 for: IEXPLORE.EXE.4788.HTML >
[2013/04/04 19:32:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4788.html

< MD5 for: IEXPLORE.EXE.4828.HTML >
[2013/06/02 19:54:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4828.html

< MD5 for: IEXPLORE.EXE.4836.HTML >
[2013/08/20 19:06:12 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4836.html

< MD5 for: IEXPLORE.EXE.4860.HTML >
[2013/04/28 09:35:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4860.html

< MD5 for: IEXPLORE.EXE.4888.HTML >
[2013/03/18 11:18:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4888.html

< MD5 for: IEXPLORE.EXE.4896.HTML >
[2013/05/09 14:48:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4896.html

< MD5 for: IEXPLORE.EXE.4908.HTML >
[2013/04/14 10:24:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4908.html

< MD5 for: IEXPLORE.EXE.4916.HTML >
[2013/03/19 09:27:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4916.html

< MD5 for: IEXPLORE.EXE.4920.HTML >
[2013/05/24 16:11:35 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4920.html

< MD5 for: IEXPLORE.EXE.4928.HTML >
[2013/04/15 18:52:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4928.html

< MD5 for: IEXPLORE.EXE.4932.HTML >
[2013/08/04 09:56:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4932.html

< MD5 for: IEXPLORE.EXE.4936.HTML >
[2013/05/20 15:18:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4936.html

< MD5 for: IEXPLORE.EXE.4948.HTML >
[2013/05/25 17:07:12 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4948.html

< MD5 for: IEXPLORE.EXE.4952.HTML >
[2013/07/25 12:22:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4952.html

< MD5 for: IEXPLORE.EXE.4956.HTML >
[2013/03/02 22:02:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4956.html

< MD5 for: IEXPLORE.EXE.4968.HTML >
[2013/04/11 17:36:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.4968.html

< MD5 for: IEXPLORE.EXE.4988.HTML >
[2013/07/11 18:27:27 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.4988.html

< MD5 for: IEXPLORE.EXE.5008.HTML >
[2013/03/29 14:58:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5008.html

< MD5 for: IEXPLORE.EXE.5016.HTML >
[2013/04/27 14:49:12 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5016.html

< MD5 for: IEXPLORE.EXE.5028.HTML >
[2013/08/09 16:44:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5028.html

< MD5 for: IEXPLORE.EXE.5072.HTML >
[2013/08/10 20:12:45 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5072.html

< MD5 for: IEXPLORE.EXE.5076.HTML >
[2013/05/19 17:52:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5076.html

< MD5 for: IEXPLORE.EXE.5080.HTML >
[2013/08/10 20:12:43 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5080.html

< MD5 for: IEXPLORE.EXE.5088.HTML >
[2013/07/09 17:55:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5088.html

< MD5 for: IEXPLORE.EXE.5096.HTML >
[2013/04/17 17:55:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5096.html

< MD5 for: IEXPLORE.EXE.5124.HTML >
[2013/07/22 18:15:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5124.html

< MD5 for: IEXPLORE.EXE.5144.HTML >
[2013/04/12 10:43:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5144.html

< MD5 for: IEXPLORE.EXE.5148.HTML >
[2013/03/25 09:53:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5148.html

< MD5 for: IEXPLORE.EXE.5160.HTML >
[2013/07/29 09:59:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5160.html

< MD5 for: IEXPLORE.EXE.5180.HTML >
[2013/06/03 19:38:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5180.html

< MD5 for: IEXPLORE.EXE.5188.HTML >
[2013/08/12 14:32:43 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5188.html

< MD5 for: IEXPLORE.EXE.5200.HTML >
[2013/08/09 13:21:38 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5200.html

< MD5 for: IEXPLORE.EXE.5204.HTML >
[2013/07/09 18:38:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5204.html

< MD5 for: IEXPLORE.EXE.5212.HTML >
[2013/05/25 11:18:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5212.html

< MD5 for: IEXPLORE.EXE.5236.HTML >
[2013/08/20 18:55:03 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5236.html

< MD5 for: IEXPLORE.EXE.5240.HTML >
[2013/03/29 20:20:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5240.html

< MD5 for: IEXPLORE.EXE.5244.HTML >
[2013/05/20 15:18:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5244.html

< MD5 for: IEXPLORE.EXE.5248.HTML >
[2013/05/26 19:32:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5248.html

< MD5 for: IEXPLORE.EXE.5260.HTML >
[2013/07/22 19:58:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5260.html

< MD5 for: IEXPLORE.EXE.5276.HTML >
[2013/08/04 13:57:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5276.html

< MD5 for: IEXPLORE.EXE.5280.HTML >
[2013/06/10 13:32:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5280.html

< MD5 for: IEXPLORE.EXE.5284.HTML >
[2013/08/09 18:57:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5284.html

< MD5 for: IEXPLORE.EXE.5292.HTML >
[2013/07/30 18:01:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5292.html

< MD5 for: IEXPLORE.EXE.5308.HTML >
[2013/04/26 09:05:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5308.html

< MD5 for: IEXPLORE.EXE.5312.HTML >
[2013/07/21 11:13:14 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5312.html

< MD5 for: IEXPLORE.EXE.5316.HTML >
[2013/05/18 06:01:50 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5316.html

< MD5 for: IEXPLORE.EXE.5320.HTML >
[2013/07/22 15:53:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5320.html

< MD5 for: IEXPLORE.EXE.5324.HTML >
[2013/07/09 18:38:37 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5324.html

< MD5 for: IEXPLORE.EXE.5328.HTML >
[2013/05/16 12:30:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5328.html

< MD5 for: IEXPLORE.EXE.5336.HTML >
[2013/08/21 19:45:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5336.html

< MD5 for: IEXPLORE.EXE.5344.HTML >
[2013/03/25 09:53:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5344.html

< MD5 for: IEXPLORE.EXE.5348.HTML >
[2013/08/04 14:39:36 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5348.html

< MD5 for: IEXPLORE.EXE.5352.HTML >
[2013/07/10 21:37:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5352.html

< MD5 for: IEXPLORE.EXE.5356.HTML >
[2013/04/03 12:18:23 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5356.html

< MD5 for: IEXPLORE.EXE.5364.HTML >
[2013/04/09 10:47:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5364.html

< MD5 for: IEXPLORE.EXE.5380.HTML >
[2013/04/08 18:17:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5380.html

< MD5 for: IEXPLORE.EXE.5388.HTML >
[2013/03/11 20:55:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5388.html

< MD5 for: IEXPLORE.EXE.5392.HTML >
[2013/08/01 19:36:55 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5392.html

< MD5 for: IEXPLORE.EXE.5396.HTML >
[2013/05/14 16:03:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5396.html

< MD5 for: IEXPLORE.EXE.5404.HTML >
[2013/06/07 21:31:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5404.html

< MD5 for: IEXPLORE.EXE.5416.HTML >
[2013/08/22 19:38:49 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5416.html

< MD5 for: IEXPLORE.EXE.5420.HTML >
[2013/07/09 18:51:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5420.html

< MD5 for: IEXPLORE.EXE.5424.HTML >
[2013/04/27 09:23:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5424.html

< MD5 for: IEXPLORE.EXE.5428.HTML >
[2013/08/01 14:46:03 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5428.html

< MD5 for: IEXPLORE.EXE.5444.HTML >
[2013/07/16 18:15:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5444.html

< MD5 for: IEXPLORE.EXE.5448.HTML >
[2013/07/26 15:27:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5448.html

< MD5 for: IEXPLORE.EXE.5452.HTML >
[2013/07/24 12:30:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5452.html

< MD5 for: IEXPLORE.EXE.5460.HTML >
[2013/04/23 10:30:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5460.html

< MD5 for: IEXPLORE.EXE.5464.HTML >
[2013/07/25 10:39:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5464.html

< MD5 for: IEXPLORE.EXE.5468.HTML >
[2013/07/27 18:57:19 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5468.html

< MD5 for: IEXPLORE.EXE.5476.HTML >
[2013/07/26 20:06:53 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5476.html

< MD5 for: IEXPLORE.EXE.5484.HTML >
[2013/05/04 16:42:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5484.html

< MD5 for: IEXPLORE.EXE.5488.HTML >
[2013/03/21 10:40:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5488.html

< MD5 for: IEXPLORE.EXE.5492.HTML >
[2013/08/12 12:29:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5492.html

< MD5 for: IEXPLORE.EXE.5496.HTML >
[2013/07/20 17:18:30 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5496.html

< MD5 for: IEXPLORE.EXE.5508.HTML >
[2013/05/09 14:17:46 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5508.html

< MD5 for: IEXPLORE.EXE.5512.HTML >
[2013/03/13 09:02:24 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5512.html

< MD5 for: IEXPLORE.EXE.5516.HTML >
[2013/06/10 17:52:35 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5516.html

< MD5 for: IEXPLORE.EXE.5524.HTML >
[2013/07/24 18:51:15 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5524.html

< MD5 for: IEXPLORE.EXE.5528.HTML >
[2013/07/10 13:15:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5528.html

< MD5 for: IEXPLORE.EXE.5548.HTML >
[2013/03/05 14:08:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5548.html

< MD5 for: IEXPLORE.EXE.5556.HTML >
[2013/06/07 13:43:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5556.html

< MD5 for: IEXPLORE.EXE.5568.HTML >
[2013/07/23 19:00:15 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5568.html

< MD5 for: IEXPLORE.EXE.5584.HTML >
[2013/07/09 20:22:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5584.html

< MD5 for: IEXPLORE.EXE.560.HTML >
[2013/07/22 18:43:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.560.html

< MD5 for: IEXPLORE.EXE.5604.HTML >
[2013/08/18 10:46:15 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5604.html

< MD5 for: IEXPLORE.EXE.5616.HTML >
[2013/04/12 10:07:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5616.html

< MD5 for: IEXPLORE.EXE.5620.HTML >
[2013/04/26 00:02:43 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5620.html

< MD5 for: IEXPLORE.EXE.5628.HTML >
[2013/05/19 20:22:03 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5628.html

< MD5 for: IEXPLORE.EXE.5640.HTML >
[2013/05/10 12:11:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5640.html

< MD5 for: IEXPLORE.EXE.5648.HTML >
[2013/06/10 19:30:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5648.html

< MD5 for: IEXPLORE.EXE.5660.HTML >
[2013/08/15 10:15:10 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5660.html

< MD5 for: IEXPLORE.EXE.5676.HTML >
[2013/04/22 18:45:03 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5676.html

< MD5 for: IEXPLORE.EXE.5708.HTML >
[2013/05/21 20:40:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5708.html

< MD5 for: IEXPLORE.EXE.5712.HTML >
[2013/04/28 19:48:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5712.html

< MD5 for: IEXPLORE.EXE.5716.HTML >
[2013/04/25 16:09:01 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5716.html

< MD5 for: IEXPLORE.EXE.5720.HTML >
[2013/05/04 10:35:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5720.html

< MD5 for: IEXPLORE.EXE.5732.HTML >
[2013/07/28 19:25:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5732.html

< MD5 for: IEXPLORE.EXE.5736.HTML >
[2013/05/04 16:41:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5736.html

< MD5 for: IEXPLORE.EXE.5740.HTML >
[2013/07/21 19:17:43 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5740.html

< MD5 for: IEXPLORE.EXE.5756.HTML >
[2013/06/05 14:46:04 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5756.html

< MD5 for: IEXPLORE.EXE.5760.HTML >
[2013/08/04 17:10:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5760.html

< MD5 for: IEXPLORE.EXE.5764.HTML >
[2013/08/25 19:49:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5764.html

< MD5 for: IEXPLORE.EXE.5768.HTML >
[2013/05/31 19:01:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5768.html

< MD5 for: IEXPLORE.EXE.5776.HTML >
[2013/07/14 11:18:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5776.html

< MD5 for: IEXPLORE.EXE.5780.HTML >
[2013/07/20 10:10:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5780.html

< MD5 for: IEXPLORE.EXE.5784.HTML >
[2013/05/09 14:13:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5784.html

< MD5 for: IEXPLORE.EXE.5788.HTML >
[2013/03/23 11:33:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5788.html

< MD5 for: IEXPLORE.EXE.5792.HTML >
[2013/08/09 16:19:20 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5792.html

< MD5 for: IEXPLORE.EXE.580.HTML >
[2013/04/17 18:46:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.580.html

< MD5 for: IEXPLORE.EXE.5800.HTML >
[2013/07/27 17:42:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5800.html

< MD5 for: IEXPLORE.EXE.5804.HTML >
[2013/08/10 19:33:47 | 000,005,385 | ---- | M] () MD5=F727E4ED6BFEDB12B10C86F1ABA449E7 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5804.html

< MD5 for: IEXPLORE.EXE.5816.HTML >
[2013/05/13 12:12:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5816.html

< MD5 for: IEXPLORE.EXE.5828.HTML >
[2013/05/12 20:14:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5828.html

< MD5 for: IEXPLORE.EXE.5832.HTML >
[2013/06/09 22:05:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5832.html

< MD5 for: IEXPLORE.EXE.5840.HTML >
[2013/03/16 03:36:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5840.html

< MD5 for: IEXPLORE.EXE.588.HTML >
[2013/08/01 18:59:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.588.html

< MD5 for: IEXPLORE.EXE.5880.HTML >
[2013/08/25 10:10:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5880.html

< MD5 for: IEXPLORE.EXE.5884.HTML >
[2013/07/19 14:45:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5884.html

< MD5 for: IEXPLORE.EXE.5888.HTML >
[2013/04/27 14:46:11 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5888.html

< MD5 for: IEXPLORE.EXE.5904.HTML >
[2013/05/24 16:24:46 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5904.html

< MD5 for: IEXPLORE.EXE.5908.HTML >
[2013/05/31 22:30:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5908.html

< MD5 for: IEXPLORE.EXE.5920.HTML >
[2013/08/27 20:07:34 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5920.html

< MD5 for: IEXPLORE.EXE.5924.HTML >
[2013/08/24 10:14:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5924.html

< MD5 for: IEXPLORE.EXE.5928.HTML >
[2013/04/09 15:09:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5928.html

< MD5 for: IEXPLORE.EXE.5932.HTML >
[2013/08/26 19:36:46 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5932.html

< MD5 for: IEXPLORE.EXE.5936.HTML >
[2013/05/20 17:39:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5936.html

< MD5 for: IEXPLORE.EXE.5952.HTML >
[2013/06/08 19:44:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5952.html

< MD5 for: IEXPLORE.EXE.5956.HTML >
[2013/08/18 19:49:24 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5956.html

< MD5 for: IEXPLORE.EXE.5968.HTML >
[2013/07/21 11:06:35 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5968.html

< MD5 for: IEXPLORE.EXE.5976.HTML >
[2013/08/09 12:35:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5976.html

< MD5 for: IEXPLORE.EXE.5984.HTML >
[2013/03/24 09:45:24 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.5984.html

< MD5 for: IEXPLORE.EXE.5992.HTML >
[2013/07/20 11:28:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.5992.html

< MD5 for: IEXPLORE.EXE.6012.HTML >
[2013/07/25 10:47:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6012.html

< MD5 for: IEXPLORE.EXE.6024.HTML >
[2013/05/11 10:07:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6024.html

< MD5 for: IEXPLORE.EXE.6040.HTML >
[2013/05/22 11:11:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6040.html

< MD5 for: IEXPLORE.EXE.6044.HTML >
[2013/07/20 10:10:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6044.html

< MD5 for: IEXPLORE.EXE.6048.HTML >
[2013/04/18 19:03:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6048.html

< MD5 for: IEXPLORE.EXE.6056.HTML >
[2013/04/17 10:47:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6056.html

< MD5 for: IEXPLORE.EXE.6060.HTML >
[2013/06/05 11:27:45 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6060.html

< MD5 for: IEXPLORE.EXE.6064.HTML >
[2013/08/20 18:54:16 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6064.html

< MD5 for: IEXPLORE.EXE.6084.HTML >
[2013/06/09 11:03:25 | 000,003,231 | ---- | M] () MD5=8E4CD62DAB5825EB1AE43F6CB123FB28 -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6084.html

< MD5 for: IEXPLORE.EXE.6116.HTML >
[2013/03/14 14:00:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6116.html

< MD5 for: IEXPLORE.EXE.6120.HTML >
[2013/04/19 18:24:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6120.html

< MD5 for: IEXPLORE.EXE.6124.HTML >
[2013/03/04 04:41:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.6124.html

< MD5 for: IEXPLORE.EXE.6140.HTML >
[2013/06/10 18:30:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6140.html

< MD5 for: IEXPLORE.EXE.616.HTML >
[2013/07/26 09:49:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.616.html

< MD5 for: IEXPLORE.EXE.6316.HTML >
[2013/07/25 19:20:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6316.html

< MD5 for: IEXPLORE.EXE.6324.HTML >
[2013/05/22 16:47:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6324.html

< MD5 for: IEXPLORE.EXE.6368.HTML >
[2013/05/19 11:36:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6368.html

< MD5 for: IEXPLORE.EXE.6416.HTML >
[2013/05/22 21:25:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6416.html

< MD5 for: IEXPLORE.EXE.6488.HTML >
[2013/06/01 12:39:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6488.html

< MD5 for: IEXPLORE.EXE.6528.HTML >
[2013/07/25 19:20:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6528.html

< MD5 for: IEXPLORE.EXE.6552.HTML >
[2013/06/10 18:37:43 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6552.html

< MD5 for: IEXPLORE.EXE.684.HTML >
[2013/05/25 03:48:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.684.html

< MD5 for: IEXPLORE.EXE.6884.HTML >
[2013/06/01 12:39:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.6884.html

< MD5 for: IEXPLORE.EXE.700.HTML >
[2013/06/10 18:21:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.700.html

< MD5 for: IEXPLORE.EXE.708.HTML >
[2013/08/23 17:40:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.708.html

< MD5 for: IEXPLORE.EXE.7132.HTML >
[2013/06/07 16:36:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.7132.html

< MD5 for: IEXPLORE.EXE.716.HTML >
[2013/03/24 10:46:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.716.html

< MD5 for: IEXPLORE.EXE.736.HTML >
[2013/03/10 19:22:54 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.736.html

< MD5 for: IEXPLORE.EXE.772.HTML >
[2013/05/15 12:06:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.772.html

< MD5 for: IEXPLORE.EXE.804.HTML >
[2013/08/12 17:44:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.804.html

< MD5 for: IEXPLORE.EXE.816.HTML >
[2013/04/03 12:18:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.816.html

< MD5 for: IEXPLORE.EXE.832.HTML >
[2013/04/27 14:49:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.832.html

< MD5 for: IEXPLORE.EXE.836.HTML >
[2013/05/11 11:21:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.836.html

< MD5 for: IEXPLORE.EXE.844.HTML >
[2013/05/21 19:19:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.844.html

< MD5 for: IEXPLORE.EXE.888.HTML >
[2013/05/19 17:53:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.888.html

< MD5 for: IEXPLORE.EXE.900.HTML >
[2013/07/25 12:23:46 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\iexplore.exe.900.html

< MD5 for: IEXPLORE.EXE.904.HTML >
[2013/07/30 21:24:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Heather\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html

\IEXPLORE.EXE.904.html

< MD5 for: IEXPLORE.EXE.MUI >
[2011/07/04 10:17:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011/07/04 10:17:10 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/04/30 12:41:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US

\iexplore.exe.mui
[2013/04/30 12:41:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US

\iexplore.exe.mui
[2013/04/30 12:41:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/04/30 12:41:06 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/14 13:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 13:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 13:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/14 13:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-

optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-058FE8F5.PF >
[2014/01/18 11:44:08 | 000,084,640 | ---- | M] () MD5=4423720E2C31287C082460F61BB12624 -- C:\Windows\Prefetch\IEXPLORE.EXE-058FE8F5.pf

< MD5 for: IEXPLORE.EXE-A033F7A0.PF >
[2014/01/18 11:44:08 | 000,182,284 | ---- | M] () MD5=1F530AA5EB57016B7CA0C2E5913506F6 -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf

< MD5 for: SERVICES >
[2009/06/11 08:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-

other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 21:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed

\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 17:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 12:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 12:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 12:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-

servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 13:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 13:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-

s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 15:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

\services.lnk
[2009/07/14 15:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative

Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 07:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 07:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-

servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 13:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 07:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 13:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 08:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 13:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-

s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 07:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-

servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 13:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-

s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 08:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-

servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2009/04/23 06:08:52 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\Images\icons\png

\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/14 07:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 07:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-

servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: WINLOGON.ADML >
[2009/07/14 13:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-

adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/11 08:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-

adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 00:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-

winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 12:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-

winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 18:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-

winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 17:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-

winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/21 00:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 00:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-

winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 13:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-

winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.EXE-DEDDC9B6.PF >
[2014/01/18 12:02:57 | 000,037,530 | ---- | M] () MD5=7FBF248CD3832739D2369A5A081779CF -- C:\Windows\Prefetch\WINLOGON.EXE-DEDDC9B6.pf

< MD5 for: WINLOGON.MFL >
[2009/07/14 13:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 13:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-

mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/14 07:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/14 07:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-

mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2009/12/02 01:51:09 | 000,003,451 | RH-- | M] () -- C:\dell.sdr
[2014/01/20 09:21:25 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/05 20:47:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/12/02 16:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2014/01/20 09:21:28 | 4291,145,728 | -HS- | M] () -- C:\pagefile.sys
[2013/01/10 23:23:32 | 000,000,932 | ---- | M] () -- C:\windows alert message.vbs

< %systemroot%\Fonts\*.com >
[2009/07/14 16:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 16:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 16:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 16:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 07:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2014/01/13 07:14:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 15:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 14AB-BB9C
Directory of C:\
14/07/2009 04:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\ProgramData
14/07/2009 04:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 04:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 04:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 04:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 04:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 04:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
14/07/2009 04:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009 04:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
14/07/2009 04:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 04:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 04:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 04:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 04:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 04:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default
14/07/2009 04:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 04:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 04:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009 04:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 04:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 04:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 04:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 04:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 04:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 04:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009 04:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 04:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 04:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009 04:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009 04:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Heather
08/02/2010 08:00 AM    <JUNCTION>     Application Data [C:\Users\Heather\AppData\Roaming]
08/02/2010 08:00 AM    <JUNCTION>     Cookies [C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Cookies]
08/02/2010 08:00 AM    <JUNCTION>     Local Settings [C:\Users\Heather\AppData\Local]
08/02/2010 08:00 AM    <JUNCTION>     My Documents [C:\Users\Heather\Documents]
08/02/2010 08:00 AM    <JUNCTION>     NetHood [C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/02/2010 08:00 AM    <JUNCTION>     PrintHood [C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/02/2010 08:00 AM    <JUNCTION>     Recent [C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Recent]
08/02/2010 08:00 AM    <JUNCTION>     SendTo [C:\Users\Heather\AppData\Roaming\Microsoft\Windows\SendTo]
08/02/2010 08:00 AM    <JUNCTION>     Start Menu [C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu]
08/02/2010 08:00 AM    <JUNCTION>     Templates [C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Heather\AppData\Local
08/02/2010 08:00 AM    <JUNCTION>     Application Data [C:\Users\Heather\AppData\Local]
08/02/2010 08:00 AM    <JUNCTION>     History [C:\Users\Heather\AppData\Local\Microsoft\Windows\History]
08/02/2010 08:00 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Heather\Documents
08/02/2010 08:00 AM    <JUNCTION>     My Music [C:\Users\Heather\Music]
08/02/2010 08:00 AM    <JUNCTION>     My Pictures [C:\Users\Heather\Pictures]
08/02/2010 08:00 AM    <JUNCTION>     My Videos [C:\Users\Heather\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 04:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009 04:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009 04:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              49 Dir(s) 423,984,033,792 bytes free

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/04 10:25:27 | 000,000,221 | -HS- | M] () -- C:\Users\Heather\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2014/01/19 16:23:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#3 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 23 January 2014 - 04:14 PM

Hi kangaroo,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

I'm not seeing anything specific...

Let's try this:

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#4 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 23 January 2014 - 10:00 PM

Hi Tomk,

Thanks for taking this up for us.

I've run the ComboFix tool and here is the log, I look forward to your next steps:

ComboFix 14-01-23.02 - Heather 24/01/2014 14:42:13.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2470 [GMT 11:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TotalRecipeSearch_14
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dlghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14dyn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14feedmg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14highin.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14hkstub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14httpct.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14idle.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14medint.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14mlbtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14msg.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14radio.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regfft.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14reghk.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14regiet.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14script.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14skplay.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14tpinst.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\14uabtn.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\chrome\14ffxtbr.jar
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CREXT.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\CrExtP14.exe
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\installKeys.js
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\LOGO.BMP
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTEX.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8EXTPEX.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8HTML.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8RES.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\1.bin\T8TICKER.DLL
c:\program files (x86)\TotalRecipeSearch_14\bar\gen1\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Message\COMMON.T8S
c:\program files (x86)\TotalRecipeSearch_14\bar\Settings\s_pid.dat
c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24 )))))))))))))))))))))))))))))))
.
.
2014-01-24 03:50 . 2014-01-24 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-19 22:34 . 2014-01-24 03:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2364238-1089-4C40-A0E9-07D98E665F99}\offreg.dll
2014-01-18 00:45 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2364238-1089-4C40-A0E9-07D98E665F99}\mpengine.dll
2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision
2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 01:25 . 2011-03-05 09:36 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:32 . 2013-12-11 19:35 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 19:35 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-17 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-17 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://col125.mail....64855&rru=inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe /onboot
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-13145503-423147612-3628204384-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-13145503-423147612-3628204384-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-24 14:53:42
ComboFix-quarantined-files.txt 2014-01-24 03:53
.
Pre-Run: 424,849,518,592 bytes free
Post-Run: 425,074,593,792 bytes free
.
- - End Of File - - EE6909071A4179D5D021BA2E5CE24FDB

#5 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 23 January 2014 - 11:57 PM

Didn't really find anything...

Let's get an online scan... this will take hours:

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#6 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 24 January 2014 - 05:49 AM

Hi Tomk,

I saved your message in htm format to a USB stick and then opened it on the problem PC. I found the following problem trying to run the scan.

When I clicked on the link to run the Eset scanner, I got a message that Internet Explorer had stopped working: A problem has caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. Clicking the Close Program button cycles this a couple of times and then the address:
res://ieframe.dll/acr_error.htm#eset.com,http://go.eset.com/us/online-scanner
with the fatal error icon: We were unable to return you to eset.com is displayed.

IE10 has the Browsing | Advanced | Internet Option Automatically recover from page layout errors with Compatibility View ticked.

Finally, I tried to go to the home page and had the same error not loading.

So I closed that IE session and started a new IE session (without trying to open your message); the home page loaded normally. So I entered the URL of the link you gave (http://go.eset.com/us/online-scanner) and tried to run the scan.

I clicked the Run ESET Online Scanner button and got the http://www.eset.com/...-scanner-popup/ with the EULA; I ticked the box next to YES, I accept the Terms of Use and then clicked the Start button but nothing happened. I noticed that the "still loading" icon was rotating on the ESET page. I read the Eset help FAQs and noted the need to have administrator rights.

Success!
I restarted the PC and then ran IE10 as administrator. This time when I went to the ESET site (again by selecting the URL from the recently visited list) I noticed the compatibility icon on the right of the address bar and again when I got the scanner pop-up. This time when I clicked the compatibility icon, the page completed loading and I was able to run the scan.

Here is the ESETSCAN.txt file contents as requested:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14auxstb.dll.vir Win32/Toolbar.MyWebSearch.W application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14htmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14impipe.exe.vir Win32/Toolbar.MyWebSearch.W application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14Plugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14reghk.dll.vir a variant of Win32/Toolbar.MyWebSearch.W application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14skplay.exe.vir Win32/Toolbar.MyWebSearch.W application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\CREXT.DLL.vir a variant of Win32/Toolbar.MyWebSearch.W application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\CrExtP14.exe.vir a variant of Win32/Toolbar.MyWebSearch.W application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll.vir Win32/Toolbar.MyWebSearch.T application
C:\Qoobox\Quarantine\C\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\RecipeHub.exe a variant of Win32/AdInstaller application
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\dbe8d2a-20b69eda Java/Exploit.Agent.OMX trojan
C:\Users\Heather\Downloads\TotalRecipeSearch.exe Win32/AdInstaller application

Look forward to your advice.

#7 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 24 January 2014 - 09:20 AM

Wow. Sorry about all the trouble. It shouldn't have been that hard. I should have warned you about needing to run as administrator.

Something isn't right... but I'm thinking it's not malware. At least not currently.

Let's try to reset a bunch of windows settings. The program has been updates since the following directions were put together so what you see may not be exactly as shown... but very close.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#8 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 24 January 2014 - 10:48 PM

Hi Tomk,

Here is the Windows_Repair log:

Starting Repairs...
Start (25/01/2014 2:42:20 PM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (25/01/2014 2:42:20 PM)
   Running Repair Under Current User Account
   Done (25/01/2014 2:42:28 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (25/01/2014 2:42:28 PM)
   Running Repair Under System Account
   Done (25/01/2014 2:45:22 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (25/01/2014 2:45:22 PM)
   Running Repair Under System Account
   Done (25/01/2014 2:46:45 PM)

03 - Register System Files
   Start (25/01/2014 2:46:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:47:15 PM)

04 - Repair WMI
   Start (25/01/2014 2:47:15 PM)
   Running Repair Under Current User Account
   Done (25/01/2014 2:50:42 PM)

05 - Repair Windows Firewall
   Start (25/01/2014 2:50:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:51:14 PM)

06 - Repair Internet Explorer
   Start (25/01/2014 2:51:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:51:46 PM)

07 - Repair MDAC/MS Jet
   Start (25/01/2014 2:51:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:52:01 PM)

08 - Repair Hosts File
   Start (25/01/2014 2:52:01 PM)
   Running Repair Under System Account
   Done (25/01/2014 2:52:04 PM)

09 - Remove Policies Set By Infections
   Start (25/01/2014 2:52:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:52:08 PM)

11 - Repair Icons
   Start (25/01/2014 2:52:08 PM)
   Running Repair Under System Account
   Done (25/01/2014 2:52:11 PM)

12 - Repair Winsock & DNS Cache
   Start (25/01/2014 2:52:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:52:28 PM)

14 - Repair Proxy Settings
   Start (25/01/2014 2:52:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:52:33 PM)

16 - Repair Windows Updates
   Start (25/01/2014 2:52:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:52:54 PM)

17 - Repair CD/DVD Missing/Not Working
Start (25/01/2014 2:52:54 PM)
Done (25/01/2014 2:52:54 PM)

18 - Repair Volume Shadow Copy Service
   Start (25/01/2014 2:52:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:03 PM)

20 - Repair MSI (Windows Installer)
   Start (25/01/2014 2:53:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:18 PM)

22.01 - Repair bat Association
   Start (25/01/2014 2:53:18 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:23 PM)

22.02 - Repair cmd Association
   Start (25/01/2014 2:53:23 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:28 PM)

22.03 - Repair com Association
   Start (25/01/2014 2:53:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:32 PM)

22.04 - Repair Directory Association
   Start (25/01/2014 2:53:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:37 PM)

22.05 - Repair Drive Association
   Start (25/01/2014 2:53:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:42 PM)

22.06 - Repair exe Association
   Start (25/01/2014 2:53:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:47 PM)

22.07 - Repair Folder Association
   Start (25/01/2014 2:53:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:51 PM)

22.08 - Repair inf Association
   Start (25/01/2014 2:53:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:53:56 PM)

22.09 - Repair lnk (Shortcuts) Association
   Start (25/01/2014 2:53:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:01 PM)

22.10 - Repair msc Association
   Start (25/01/2014 2:54:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:06 PM)

22.11 - Repair reg Association
   Start (25/01/2014 2:54:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:10 PM)

22.12 - Repair scr Association
   Start (25/01/2014 2:54:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:15 PM)

23 - Repair Windows Safe Mode
   Start (25/01/2014 2:54:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:20 PM)

24 - Repair Print Spooler
   Start (25/01/2014 2:54:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:33 PM)

25 - Restore Important Windows Services
   Start (25/01/2014 2:54:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:42 PM)

26 - Set Windows Services To Default Startup
   Start (25/01/2014 2:54:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (25/01/2014 2:54:51 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

Cleaning up empty logs...

All Selected Repairs Done.
Done (25/01/2014 2:54:51 PM)
Total Repair Time: 00:12:31

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account

Look forward to your further advice.

#9 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 24 January 2014 - 11:42 PM

COMBOFIX-Script

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Heather\Downloads\TotalRecipeSearch.exe 

Folder::
C:\Users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then give things a "test drive" and let me know how it seems to be running.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#10 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 25 January 2014 - 03:10 AM

Hi Tomk,

I ran the ComboFix by dropping the Script file on the exe as requested.

I've pasted the log at the end of this reply.

After ComboFix completed, I restarted the PC and opened IE.

Her Inbox at Outlook.com loaded but never (well, after five minutes) completed: while the Inbox and message headers displayed almost stright away, the progress dots kept running across the top of the window and the first, highlighted message did not display in the reading pane. I checked that the reading pane was set on in the settings. After some five minutes, I clicked on the stub to open a new tab. A new tab opened but loaded her Outlook.com Inbox as was the case before we started this topic. The difference was that the first message did display in the reading pane in this tab and I could navigate to various folders and messages in this tab.

However. in switching focus to the original tab it was still stuck in the "loading" phase.

In the new tab look at her email, I could click on links in messages and they opened in a new tab or window.

I used one these embedded links in a message from Avast Support to look at one of her support tickets and that worked quite quickly.

I'm still puzzled as to why, when I click on the New Tab stub in IE, it opens a new tab that loads Outlook.com Inbox (as though it is going to the home page) rather than opening a blank tab (About:blank) as I am used to on other systems.

Here is the ComboFix log as requested:

ComboFix 14-01-23.02 - Heather 25/01/2014 18:19:10.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2631 [GMT 11:00]
Running from: c:\users\Heather\Desktop\Clean-Up\ComboFix.exe
Command switches used :: c:\users\Heather\Desktop\Clean-Up\CFScript.txt
AV: avast! Internet Security *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application"
"c:\program files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application"
"c:\users\Heather\Downloads\TotalRecipeSearch.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[10].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[11].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[3].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[4].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[5].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[6].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[7].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[8].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\__utm[9].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\1[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\215284_EN[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\247346_EN[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\247353_EN[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\247357_EN[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\25_button[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\250505_EN[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\250507_EN[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\250510_EN[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\6706118014570952756[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\ads-minified-1.42.1[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\all[2].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\allScripts[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\ANX_async_usersync[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\arr_li[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\arr_li[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\arr_more[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\av_ico_lock[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\avast-Installation-Disc_M[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\avatar[1].jpg
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\bg_backgrounds01[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\bg_backgrounds02[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\bg_body[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\bg_images[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\bg_info[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\bg_line_bottom[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\bg_menu[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\blank[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\button_start[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\buttons[1].css
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\buttons20[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\cart_reassurance_1459_EN[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\cb=gapi[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\collapser[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\countrycode[1].json
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\countrycode[2].json
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\countrycode[3].json
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\crossdomain[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\custom_btns2[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\dapmsn[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\dnserrordiagoff[1]
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\elqCfg[2].htm
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\event[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favcenter[1]
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favicon[1].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favicon[2].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favicon[3].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favicon[4].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favicon[5].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favicon[6].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\favicon[7].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\GA2[1].swf
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\head-10c28dc13ce46979d1972d166b218ca7.merged[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\head-6d3cce9ad9550d9f2f91db768b50f9ab.merged[1].css
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\httpErrorPagesScripts[1]
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\ico_cart[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\ico_world[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-facebook-40[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-gplus-16[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-gplus-16[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-linkedin-40[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-linkedin-40[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-twitter-16[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-twitter-16[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-twitter-40[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-twitter-40[2].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-youtube-16[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\icon-square-youtube-40[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\index-2302a7802d13be60e0af6021a2a938bc.min[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\index-5cedcc827708e074ffeadd187db8c82f.min[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\jquery-1.4.2.min[1]
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\jquery.min[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\known_providers_download_v1[1].xml
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\line_sm3[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\login[1].htm
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\Login_Core[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\logo-bottom[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\logo-bottom[2].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\logo-eset[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\logo_mail[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\mastercard[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\mbox[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\menu_injection_handler[1]
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\microsoft.advertising.web.admanager[1].js
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\OLFavIE9[1].ico
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\online-scanner[1].htm
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\Outlook_Refresh_Pilot_SISU_SkyDrive[1].css
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\perso_reassurance_1459_EN[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\pointer[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\s_code_2[1].htm
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\s52367075677896[1].gif
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\skydrive_frame0[1].jpg
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\skypehome%2Findex[1]
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\sprite-955162e69e43eae36063ab178f3814c1[1].png
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\tips-data[1].htm
c:\users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLWRYXV0\topcontact-background[1].png
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\59897f80-6af9d2d2
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\59897f80-6af9d2d2.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\49847b0b-162b7e14
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\49847b0b-162b7e14.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\635a72cd-7604c85e
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\635a72cd-7604c85e.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2c7e2313-53088d53
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2c7e2313-53088d53.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3ca5ef13-5b384a00
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3ca5ef13-5b384a00.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1619cd42-699e34ef
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\1619cd42-699e34ef.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\35ab0d54-715f8b96
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\35ab0d54-715f8b96.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22e17456-5f034e8d
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22e17456-5f034e8d.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\14377a18-71ce2fcf
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\14377a18-71ce2fcf.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\26742999-69efd9b7
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\26742999-69efd9b7.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41c97319-68a38c0e
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\41c97319-68a38c0e.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\794f2bd9-57058e9d
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\794f2bd9-57058e9d.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\29960b5e-131a136a
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\29960b5e-131a136a.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7dbd745f-125a18d3
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7dbd745f-125a18d3.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6c34baa0-3373728a.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6c34baa0-6a0cbc72.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\dbe8d2a-20b69eda
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\dbe8d2a-20b69eda.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6022726c-79c97ef5
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6022726c-79c97ef5.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2ea8ffee-415f581d
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2ea8ffee-415f581d.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\15572e2f-49e08ed4
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\15572e2f-49e08ed4.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3b1cd333-6ffabca0
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3b1cd333-6ffabca0.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-19912b29-n\jmc.dll
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-19912b29-n\msvcp71.dll
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-19912b29-n\msvcr71.dll
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-19912b29
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-19912b29.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-1a228890
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-1a228890.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\459b1b06-5a89a998
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\459b1b06-5a89a998.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5beb0ebe-35d3c665
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5beb0ebe-35d3c665.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2bb31bbf-2fb1f9a6
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\2bb31bbf-2fb1f9a6.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\3ea64c3f-206c0ba9
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\3ea64c3f-206c0ba9.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\53692e3f-3da2db3b
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\53692e3f-3da2db3b.idx
c:\users\Heather\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed
c:\users\Heather\Downloads\TotalRecipeSearch.exe
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-25 to 2014-01-25 )))))))))))))))))))))))))))))))
.
.
2014-01-25 07:41 . 2014-01-25 07:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-25 07:41 . 2014-01-25 07:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-25 03:59 . 2014-01-25 04:06 -------- d-----w- c:\windows\system32\catroot2
2014-01-25 03:48 . 2014-01-25 07:04 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-25 03:47 . 2014-01-25 03:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-01-25 03:42 . 2014-01-25 03:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-25 02:52 . 2014-01-25 02:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-01-25 02:44 . 2014-01-25 02:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-

2ACAE952C5CD}\offreg.dll
2014-01-24 09:51 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-

2ACAE952C5CD}\mpengine.dll
2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision
2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-17 19:13 . 2011-03-05 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:32 . 2013-12-11 19:35 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 19:35 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

[x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup

\sftservice.EXE [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-17 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-25 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://col125.mail....64855&rru=inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2014-01-25 18:44:27
ComboFix-quarantined-files.txt 2014-01-25 07:44
ComboFix2.txt 2014-01-24 03:53
.
Pre-Run: 425,970,499,584 bytes free
Post-Run: 425,537,265,664 bytes free
.
- - End Of File - - C97F98B6D18B041CD0CA2A49C1BE7BDD

Edited by kangaroo, 25 January 2014 - 03:14 AM.

Advertisements

Register to Remove

#11 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 25 January 2014 - 10:33 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
```
:filefind
atapi.sys
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#12 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 25 January 2014 - 10:15 PM

Hi Tomk,

Done. Out of habit, I right-clicked the exe and ran as administrator; I trust this is OK. I also noticed in the log, it suggested I use SystemLook-x64 (presumably because the PC is running Win7 64-bit); would this make a difference?

Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:03 on 26/01/2014 by Heather
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\ERDNT\cache64\atapi.sys --a---- 24128 bytes [02:48 22/07/2011] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

-= EOF =-

#13 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 26 January 2014 - 12:06 AM

You did fine. This program didn't care if you ran as admin or not... and we were looking for a 32 bit file.

COMBOFIX-Script

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

FCopy::
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys | c:\windows\SysWow64\Drivers\atapi.sys

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#14 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 26 January 2014 - 05:52 AM

Hi Tomk,

I've run the script on ComboFix. Looking at the start of the log, I noticed that it said Windows Defender was enabled. Do I need to re-run this scan and how would I disable Windows Defender? (There is no icon for Windows Defender in the System Tray.)

ComboFix log:

ComboFix 14-01-23.02 - Heather 26/01/2014 21:58:05.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2752 [GMT 11:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
Command switches used :: c:\users\Heather\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\user32.dll
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys --> c:\windows\SysWow64\Drivers\atapi.sys
.
(((((((((((((((((((((((((   Files Created from 2013-12-26 to 2014-01-26 )))))))))))))))))))))))))))))))
.
.
2014-01-26 11:04 . 2014-01-26 11:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-26 11:04 . 2014-01-26 11:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-26 10:58 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys
2014-01-25 03:59 . 2014-01-25 04:06 -------- d-----w- c:\windows\system32\catroot2
2014-01-25 03:48 . 2014-01-26 11:07 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-25 03:47 . 2014-01-25 03:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-01-25 03:42 . 2014-01-25 03:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-25 02:52 . 2014-01-25 02:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-01-25 02:44 . 2014-01-26 04:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\offreg.dll
2014-01-24 09:51 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\mpengine.dll
2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision
2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-17 19:13 . 2011-03-05 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:32 . 2013-12-11 19:35 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 19:35 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-17 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-25 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://col125.mail....64855&rru=inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2014-01-26 22:12:10 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-26 11:12
ComboFix2.txt 2014-01-25 07:44
ComboFix3.txt 2014-01-24 03:53
.
Pre-Run: 425,522,216,960 bytes free
Post-Run: 425,445,208,064 bytes free
.
- - End Of File - - D42319EE5DE5E3F3BA408FD44B664AD0

#15 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 26 January 2014 - 11:26 AM

That's a bad sign. We may have a replicator on board.

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Body Background

skin color theme

IE10 browser & Outlook.com erratic [Solved]

#1 kangaroo

Advertisements

Register to Remove

#2 kangaroo

#3 Tomk

#4 kangaroo

#5 Tomk

#6 kangaroo

#7 Tomk

#8 kangaroo

#9 Tomk

#10 kangaroo

Advertisements

Register to Remove

#11 Tomk

#12 kangaroo

#13 Tomk

#14 kangaroo

#15 Tomk

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

IE10 browser & Outlook.com erratic [Solved]

#1 kangaroo

Advertisements Register to Remove

#2 kangaroo

#3 Tomk

#4 kangaroo

#5 Tomk

#6 kangaroo

#7 Tomk

#8 kangaroo

#9 Tomk

#10 kangaroo

Advertisements Register to Remove

#11 Tomk

#12 kangaroo

#13 Tomk

#14 kangaroo

#15 Tomk

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove