OTL logfile created on: 2/5/2013 3:05:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 83.55% Memory free
3.10 Gb Paging File | 2.92 Gb Available in Paging File | 94.28% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 14.94 Gb Free Space | 16.04% Space Free | Partition Type: NTFS
Drive E: | 3.82 Gb Total Space | 2.88 Gb Free Space | 75.48% Space Free | Partition Type: FAT32

Computer Name: NX9420 | User Name: Lisa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013/02/05 14:51:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

========== Modules (No Company Name) ==========
MOD - [2013/01/10 11:13:37 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 11:13:00 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/10 11:11:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 11:11:21 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 11:09:47 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 11:09:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/10 11:08:42 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/01/10 11:08:33 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2013/01/10 11:08:32 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/10 14:09:45 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/07 21:36:46 | 000,087,992 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012/07/26 10:03:58 | 004,637,768 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/12 11:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Lisa\LOCALS~1\Temp\kxtdqpob.sys -- (kxtdqpob)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2012/08/24 15:30:50 | 000,137,568 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\amp.sys -- (AMP)
DRV - [2012/08/24 15:30:44 | 001,210,208 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ampse.sys -- (AMPSE)
DRV - [2012/08/02 10:21:22 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/01/06 19:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/06 19:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/07/12 16:16:33 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/07/12 16:16:13 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2010/07/12 16:16:12 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2010/06/29 17:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2010/02/24 23:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/17 06:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/01/22 16:38:04 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/16 06:29:00 | 000,989,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/10/16 06:28:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 06:28:16 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/09/26 12:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/08/28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/08/27 10:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/24 07:21:46 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/06/18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2003/12/08 14:55:58 | 000,025,072 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://powerschool.merrimack.k12.nh.us/public/
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\SearchScopes,DefaultScope = {DEDCF27B-3157-4674-920E-726F2A9C3CA8}
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\SearchScopes\{DEDCF27B-3157-4674-920E-726F2A9C3CA8}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://powerschool.merrimack.k12.nh.us/public/"
FF - prefs.js..extensions.enabledAddons: ybxnmnddsq@ybxnmnddsq.org:2.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/31 12:09:55 | 000,000,000 | ---D | M]

[2010/09/15 19:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Extensions
[2013/01/05 12:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\extensions
[2004/08/04 07:00:00 | 000,004,815 | ---- | M] () (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\extensions\ybxnmnddsq@ybxnmnddsq.org.xpi
[2012/11/06 20:48:54 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\sjl8imbn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/28 17:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Lisa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/25 16:59:29 | 000,445,309 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15296 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - No CLSID value found.
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [ApplicationHistory] rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW File not found
O4 - HKU\S-1-5-19..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [ApplicationHistory] rundll32 "C:\Documents and Settings\Lisa\Local Settings\Application Data\Deployment\ApplicationHistory\qwocwqxhe.dll",DllRegisterServerW File not found
O4 - HKU\S-1-5-20..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [DW6] File not found
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [Google] C:\Documents and Settings\Lisa\Local Settings\Application Data\HP\Google\qlggqkm.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [MotoCast] C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O15 - HKU\S-1-5-21-1417001333-527237240-2147181963-1004\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278983986453 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360087072390 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab (EZTwainX by Dosadi)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ive.snhmc.org/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0E437B4-5809-4718-8D30-3919F634EC64}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\rebinfo - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Lisa/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/12 17:28:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{445a62d6-30f6-11e1-b857-0019d2d31fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{445a62d6-30f6-11e1-b857-0019d2d31fdf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{445a62d6-30f6-11e1-b857-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{46e41942-36e8-11e0-b7c7-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{959d795d-405e-11e0-b7cd-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\Menu_PC.exe
O33 - MountPoints2\{b0de9092-2245-11e2-b895-0019d2d31fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{b0de9092-2245-11e2-b895-0019d2d31fdf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0de9092-2245-11e2-b895-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{d74e1163-7a14-11e1-b86c-0019d2d31fdf}\Shell - "" = AutoRun
O33 - MountPoints2\{d74e1163-7a14-11e1-b86c-0019d2d31fdf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d74e1163-7a14-11e1-b86c-0019d2d31fdf}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (ጘ㓠Â䯠ҳ䚰É仸ጳ述ҳ)
O34 - HKLM BootExecute: (䚰É仸ጳ还ҳ)
O34 - HKLM BootExecute: (䚰É仸ጳ谰ҳ)
O34 - HKLM BootExecute: (䚰É仸ጳ豈ҳ)
O34 - HKLM BootExecute: (䚰É仸ጳ貐ҳ)
O34 - HKLM BootExecute: ("䚰É")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: ("䭐ҳ䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: (䚰É)
O34 - HKLM BootExecute: (Î)
O34 - HKLM BootExecute: ("ҳ䚰É")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: ("䫰ҳ䚰É")
O34 - HKLM BootExecute: ("")
O34 - HKLM BootExecute: ("䫘ҳ䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: (䚰É赬፨䵠ҳ)
O34 - HKLM BootExecute: ("䚰É ")
O34 - HKLM BootExecute: (ጳ掀ҳ)
O34 - HKLM BootExecute: (䚰É᪰ጵ)
O34 - HKLM BootExecute: (ions.)
O34 - HKLM BootExecute: (r翀׍瘈ፒ꾼ፍ畐ә)
O34 - HKLM BootExecute: (f)
O34 - HKLM BootExecute: (y.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AMP - C:\WINDOWS\system32\drivers\amp.sys (Commtouch, Inc.)
SafeBootMin: AMPSE - C:\WINDOWS\system32\drivers\ampse.sys (Commtouch, Inc.)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: vseamps - Service
SafeBootMin: vsedsps - Service
SafeBootMin: vseqrts - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AMP - C:\WINDOWS\system32\drivers\amp.sys (Commtouch, Inc.)
SafeBootNet: AMPSE - C:\WINDOWS\system32\drivers\ampse.sys (Commtouch, Inc.)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: ioloSystemService - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vseamps - Service
SafeBootNet: vsedsps - Service
SafeBootNet: vseqrts - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/02/05 14:57:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe [2013/02/05 12:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2013/02/05 11:57:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2013/02/04 20:20:43 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2013/02/04 12:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender [2013/02/03 16:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Carbonite [2013/02/03 12:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\RK_Quarantine [2013/01/31 23:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2013/01/25 17:04:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2013/01/23 17:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2013/01/23 17:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2013/01/23 17:15:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lisa\Application Data\2CE4E61C [2013/01/18 17:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\Rootics2013 [2013/01/16 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Desktop\upload [2013/01/08 17:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\.morena [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/02/05 14:51:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe [2013/02/05 14:28:14 | 
000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2013/02/05 14:27:26 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\7yt45e4j.exe [2013/02/05 14:25:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/02/05 14:24:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/02/05 14:11:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/02/05 14:06:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/02/05 14:05:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005UA.job [2013/02/05 12:49:01 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\MotoCast Update.job [2013/02/05 12:48:39 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk [2013/02/05 12:48:39 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk [2013/02/05 12:45:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/02/05 12:14:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/02/05 12:08:11 | 000,505,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/02/05 12:08:11 | 000,089,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/02/05 12:06:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/02/05 11:36:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/02/04 20:24:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1003UA.job [2013/02/04 20:24:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1003Core.job [2013/02/04 16:19:00 | 000,000,922 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-527237240-2147181963-1005Core.job [2013/02/04 15:06:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Motorola Device Manager Engine.job [2013/02/03 16:47:07 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite InfoCenter.lnk [2013/02/03 16:37:11 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini [2013/01/31 23:12:17 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/01/25 16:59:29 | 000,445,309 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/01/19 14:05:52 | 000,445,309 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130125-165929.backup [2013/01/17 16:54:40 | 000,445,309 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130119-140552.backup [2013/01/17 16:54:13 | 000,445,309 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130117-165440.backup [2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2013/01/16 08:14:32 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/10 15:11:52 | 000,445,005 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130117-165413.backup [2013/01/10 15:11:43 | 000,445,005 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130110-151152.backup [2013/01/10 14:09:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/01/10 14:09:44 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/01/10 13:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/01/08 14:33:01 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130110-151143.backup [2013/01/08 14:32:27 | 000,444,947 | R--- | M] () -- 
C:\WINDOWS\System32\drivers\etc\hosts.20130108-143301.backup [2013/01/08 14:31:46 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130108-143227.backup [2013/01/08 13:11:42 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130108-143146.backup [2013/01/08 13:11:32 | 000,444,947 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130108-131142.backup [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/02/05 14:29:11 | 000,365,568 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\7yt45e4j.exe [2013/02/05 12:48:39 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk [2013/02/05 12:06:33 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Lisa\Start Menu\Programs\Internet Explorer.lnk [2013/02/04 12:23:09 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2013/02/04 12:19:59 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk [2013/02/03 11:53:21 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini [2013/01/25 22:37:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/01/18 17:11:07 | 000,038,305 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\suicidehotlinenumbers.pdf [2013/01/10 11:24:57 | 000,151,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/10/01 11:49:19 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat [2012/06/27 11:15:12 | 000,259,574 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/02/16 14:10:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/10 16:12:11 | 000,000,107 | -H-- | C] () -- C:\Documents and 
Settings\Lisa\.picasa.ini [2011/12/30 14:37:30 | 000,038,461 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Comma Separated Values (DOS).ADR [2011/12/30 14:32:40 | 000,038,450 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft Excel.ADR [2011/12/22 09:32:50 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI [2011/05/02 17:30:50 | 001,144,147 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll [2011/05/02 17:27:54 | 003,935,545 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll [2011/05/02 15:23:46 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2011/05/02 15:19:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2011/05/02 15:19:20 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/03/18 16:32:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2011/03/18 16:29:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2011/03/18 16:28:30 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2011/03/18 16:27:08 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2011/03/18 16:26:44 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2011/03/18 16:25:38 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2011/03/18 16:25:24 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll [2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll [2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll [2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe [2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll [2011/03/03 06:38:10 | 
000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll [2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe [2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll [2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe [2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2011/02/27 12:41:00 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\fusioncache.dat [2011/02/22 14:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011/02/22 14:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2011/02/12 09:27:26 | 000,059,360 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/09/28 08:32:19 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/16 19:57:41 | 000,030,311 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Tab Separated Values (Windows).ADR [2010/09/16 19:37:56 | 000,030,331 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\Comma Separated Values (Windows).ADR [2010/09/16 18:25:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Lisa\Application Data\$_hpcst$.hpc [2010/09/04 23:17:27 | 000,417,576 | ---- | C] () -- C:\Documents and Settings\Lisa\medrecform.jpg [2010/09/04 23:17:27 | 000,389,685 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec1_5_07.jpg [2010/09/04 23:17:27 | 000,389,685 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec1_5_07 - Copy.jpg [2010/09/04 23:17:27 | 000,364,979 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec2_5_07.jpg [2010/09/04 23:17:27 | 000,364,979 | ---- | C] () -- C:\Documents and Settings\Lisa\med_rec2_5_07 - Copy.jpg [2010/09/04 23:17:27 | 000,359,829 | ---- | C] () -- 
C:\Documents and Settings\Lisa\nsgasspt1.jpg [2010/09/04 23:17:27 | 000,359,829 | ---- | C] () -- C:\Documents and Settings\Lisa\nsgasspt1 - Copy.jpg [2010/09/04 23:17:27 | 000,254,339 | ---- | C] () -- C:\Documents and Settings\Lisa\nsgasspt2.jpg [2010/09/04 23:17:27 | 000,254,339 | ---- | C] () -- C:\Documents and Settings\Lisa\nsgasspt2 - Copy.jpg [2010/09/04 23:17:26 | 000,558,903 | ---- | C] () -- C:\Documents and Settings\Lisa\map1.jpg [2010/09/04 23:17:26 | 000,558,903 | ---- | C] () -- C:\Documents and Settings\Lisa\map1 - Copy.jpg [2010/09/04 23:17:26 | 000,558,708 | ---- | C] () -- C:\Documents and Settings\Lisa\map2.jpg [2010/09/04 23:17:26 | 000,558,708 | ---- | C] () -- C:\Documents and Settings\Lisa\map2 - Copy.jpg [2010/09/04 23:17:26 | 000,498,057 | ---- | C] () -- C:\Documents and Settings\Lisa\map3.jpg [2010/09/04 23:17:26 | 000,498,057 | ---- | C] () -- C:\Documents and Settings\Lisa\map3 - Copy.jpg [2010/09/04 23:17:26 | 000,319,231 | ---- | C] () -- C:\Documents and Settings\Lisa\keviniep 001.jpg [2010/09/04 23:17:26 | 000,308,796 | ---- | C] () -- C:\Documents and Settings\Lisa\M&C.jpg [2010/09/04 23:17:26 | 000,093,727 | ---- | C] () -- C:\Documents and Settings\Lisa\kevprogressreportoctober90.jpg [2010/09/04 23:17:26 | 000,024,282 | ---- | C] () -- C:\Documents and Settings\Lisa\lisasdickiewatch.jpg [2010/09/04 23:17:26 | 000,014,550 | ---- | C] () -- C:\Documents and Settings\Lisa\lisastimeteachingwatch.jpg [2010/09/04 23:17:25 | 000,628,219 | ---- | C] () -- C:\Documents and Settings\Lisa\flownote.jpg [2010/09/04 23:17:25 | 000,616,206 | ---- | C] () -- C:\Documents and Settings\Lisa\ibhsconsentfortx.jpg [2010/09/04 23:17:25 | 000,378,298 | ---- | C] () -- C:\Documents and Settings\Lisa\graphic1.jpg [2010/09/04 23:17:25 | 000,378,298 | ---- | C] () -- C:\Documents and Settings\Lisa\graphic1 - Copy.jpg [2010/09/04 23:17:25 | 000,374,363 | ---- | C] () -- C:\Documents and Settings\Lisa\graphic2.jpg [2010/09/04 23:17:25 | 000,374,363 | ---- | 
C] () -- C:\Documents and Settings\Lisa\graphic2 - Copy.jpg [2010/09/04 23:17:25 | 000,335,685 | ---- | C] () -- C:\Documents and Settings\Lisa\keviniep3 001.jpg [2010/09/04 23:17:25 | 000,323,111 | ---- | C] () -- C:\Documents and Settings\Lisa\keviniep4 001.jpg [2010/09/04 23:17:25 | 000,283,487 | ---- | C] () -- C:\Documents and Settings\Lisa\goalsettingsheet.jpg [2010/09/04 23:17:25 | 000,184,576 | ---- | C] () -- C:\Documents and Settings\Lisa\hcra_items.bmp [2010/09/04 23:17:25 | 000,140,079 | ---- | C] () -- C:\Documents and Settings\Lisa\finalexam1.jpg [2010/09/04 23:17:25 | 000,136,879 | ---- | C] () -- C:\Documents and Settings\Lisa\finalexam2.jpg [2010/09/04 23:17:25 | 000,080,152 | ---- | C] () -- C:\Documents and Settings\Lisa\keviepq2pg1.jpg [2010/09/04 23:17:25 | 000,040,445 | ---- | C] () -- C:\Documents and Settings\Lisa\johnsswissarmywatch.jpg [2010/09/04 23:17:25 | 000,037,586 | ---- | C] () -- C:\Documents and Settings\Lisa\FSA_card.jpg [2010/09/04 23:17:25 | 000,006,673 | ---- | C] () -- C:\Documents and Settings\Lisa\exercise_log.htm [2010/09/04 23:17:24 | 000,322,614 | ---- | C] () -- C:\Documents and Settings\Lisa\diagram.bmp [2010/09/04 23:17:24 | 000,050,256 | ---- | C] () -- C:\Documents and Settings\Lisa\courtschoolpic1.jpg [2010/09/04 23:17:24 | 000,028,853 | ---- | C] () -- C:\Documents and Settings\Lisa\courtschoolpic.jpg [2010/09/04 23:17:23 | 026,053,892 | ---- | C] () -- C:\Documents and Settings\Lisa\courtney_pizza_ad.wmv [2010/09/04 23:17:23 | 002,305,921 | ---- | C] () -- C:\Documents and Settings\Lisa\courtney_ad.mp4 [2010/09/04 23:17:23 | 000,229,628 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap3.jpg [2010/09/04 23:17:23 | 000,213,833 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap4.jpg [2010/09/04 23:17:23 | 000,152,815 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap1.jpg [2010/09/04 23:17:23 | 000,143,284 | ---- | C] () -- C:\Documents and Settings\Lisa\courtnecap2.jpg [2010/09/04 
23:17:22 | 000,352,715 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd.jpg [2010/09/04 23:17:22 | 000,352,715 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd - Copy.jpg [2010/09/04 23:17:22 | 000,318,647 | ---- | C] () -- C:\Documents and Settings\Lisa\control_drug_log.jpg [2010/09/04 23:17:22 | 000,318,647 | ---- | C] () -- C:\Documents and Settings\Lisa\control_drug_log - Copy.jpg [2010/09/04 23:17:22 | 000,305,226 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd_3_10.jpg [2010/09/04 23:17:22 | 000,305,226 | ---- | C] () -- C:\Documents and Settings\Lisa\cesd_3_10 - Copy.jpg [2010/09/04 23:17:22 | 000,274,386 | ---- | C] () -- C:\Documents and Settings\Lisa\bookjacket.jpg [2010/09/04 23:17:22 | 000,173,755 | ---- | C] () -- C:\Documents and Settings\Lisa\1.jpg [2010/09/04 23:17:22 | 000,169,820 | ---- | C] () -- C:\Documents and Settings\Lisa\2.jpg [2010/09/04 23:17:22 | 000,152,319 | ---- | C] () -- C:\Documents and Settings\Lisa\4.jpg [2010/09/04 23:17:22 | 000,146,402 | ---- | C] () -- C:\Documents and Settings\Lisa\andymelamedorderseen10th.jpg [2010/09/04 23:17:22 | 000,126,796 | ---- | C] () -- C:\Documents and Settings\Lisa\big.bmp [2010/09/04 23:17:22 | 000,098,258 | ---- | C] () -- C:\Documents and Settings\Lisa\3.jpg [2010/09/04 23:17:22 | 000,080,411 | ---- | C] () -- C:\Documents and Settings\Lisa\andycogentinorderchanged8th.jpg [2010/09/04 23:17:22 | 000,079,117 | ---- | C] () -- C:\Documents and Settings\Lisa\5.jpg [2010/09/04 23:17:22 | 000,073,653 | ---- | C] () -- C:\Documents and Settings\Lisa\andylachydrinorder10th.jpg [2010/09/04 23:17:22 | 000,073,595 | ---- | C] () -- C:\Documents and Settings\Lisa\andycogentindcd8thpriororder.jpg [2010/09/04 23:17:22 | 000,068,508 | ---- | C] () -- C:\Documents and Settings\Lisa\andymedsheetwithpriorcogentinorderdcd.jpg [2010/09/04 23:17:22 | 000,059,311 | ---- | C] () -- C:\Documents and Settings\Lisa\chopshop166pic.jpg [2010/09/04 23:17:22 | 000,053,603 | ---- | C] () -- C:\Documents and 
Settings\Lisa\andymedconsultorder4th.jpg [2010/09/04 23:17:22 | 000,047,374 | ---- | C] () -- C:\Documents and Settings\Lisa\andystartedneworderaftererrordiscovered.jpg [2010/09/04 23:17:22 | 000,019,508 | ---- | C] () -- C:\Documents and Settings\Lisa\chopshopteam166.htm [2010/09/04 23:17:22 | 000,014,646 | ---- | C] () -- C:\Documents and Settings\Lisa\a1c.html [2010/09/04 16:26:07 | 000,008,413 | ---- | C] () -- C:\Documents and Settings\Lisa\Cube.png [2010/09/04 16:26:07 | 000,004,911 | ---- | C] () -- C:\Documents and Settings\Lisa\Triangle 3D thing.jpg [color=#E56717]========== ZeroAccess Check ==========[/color] [2010/07/13 06:17:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/01/04 01:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium [2010/09/16 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\Canneverbe Limited [2010/09/25 18:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite [2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon [2013/01/04 01:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2012/06/27 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola [2010/09/26 17:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/11/17 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/08/30 14:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Inbox Toolbar [2011/08/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\iolo [2013/01/25 16:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Motorola Mobility [2011/12/26 15:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\.minecraft [2013/01/24 21:41:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa\Application Data\2CE4E61C [2010/11/28 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Amazon [2011/02/02 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BatteryBar [2011/08/23 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Garmin [2011/02/27 12:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GCPublishers [2010/09/15 19:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Inbox Toolbar [2012/01/03 14:48:51 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Lisa\Application Data\iolo
[2010/09/29 19:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Juniper Networks
[2013/02/05 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MotoCast
[2012/11/06 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\motorola
[2012/11/06 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Motorola Mobility
[2010/09/17 21:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\RebateInformer
[2011/12/27 15:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TS3Client
[2013/01/04 15:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\WindowsSession
[2010/09/16 18:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2013/01/04 01:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2012/10/31 21:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/17 18:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/11/17 18:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/01/04 01:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2010/09/16 18:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/25 18:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/09/09 19:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/09/09 19:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/09/09 19:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/09/09 19:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2013/01/04 01:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/07/13 17:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/02 11:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/01/02 11:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2013/02/04 12:19:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/06/27 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2012/11/21 12:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/09/16 13:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/22 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/26 17:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/09 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/07/13 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/17 18:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
[2009/02/04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2012/12/03 02:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\AcrobatUpdater.exe
[2012/12/03 02:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\AdobeARM.exe
[2012/12/03 02:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\AdobeARMHelper.exe
[2012/12/03 02:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.4\15056\ReaderUpdater.exe
[2012/01/03 12:44:25 | 000,342,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe
[2011/06/26 17:14:45 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.3.1.55\SetupAdmin.exe
[2011/07/21 13:35:56 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.4.0.80\SetupAdmin.exe
[2011/10/19 15:20:00 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.0.142\SetupAdmin.exe
[2012/03/05 18:43:26 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.3.3\SetupAdmin.exe
[2012/05/31 12:10:12 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.6.1.7\SetupAdmin.exe
[2011/02/10 15:22:55 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.19.4\SetupAdmin.exe
[2011/03/11 09:50:07 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.20.27\SetupAdmin.exe
[2011/06/26 15:31:17 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.21.1\SetupAdmin.exe
[2011/07/21 13:42:41 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.34.50.0\SetupAdmin.exe
[2012/03/05 18:18:45 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.34.52.7\SetupAdmin.exe
[2010/09/03 23:27:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgemc.exe
[2012/12/06 23:41:14 | 000,674,120 | ---- | M] (iolo technologies, LLC) -- C:\Documents and Settings\All Users\Application Data\iolo\IRestartStub.exe
[2010/09/07 08:37:44 | 041,957,480 | ---- | M] (iolo technologies, LLC ) -- C:\Documents and Settings\All Users\Application Data\iolo\System Shield\smsysshieldinstaller.exe
[2012/12/07 00:51:04 | 012,663,376 | ---- | M] (iolo technologies, LLC ) -- C:\Documents and Settings\All Users\Application Data\iolo\System Shield\SSEngineUpd.exe
[2013/01/04 08:55:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2009/09/23 10:01:06 | 000,214,320 | ---- | M] (Nero AG) -- C:\Documents and Settings\All Users\Application Data\Nero\OnlineServices\NOS_CAExe.exe

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2011/12/26 15:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\.minecraft
[2013/01/24 21:41:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lisa\Application Data\2CE4E61C
[2012/03/01 19:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Adobe
[2010/11/28 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Amazon
[2012/11/04 22:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Apple Computer
[2011/02/02 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\BatteryBar
[2010/11/10 21:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\CyberLink
[2012/05/01 13:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\DivX
[2011/08/23 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Garmin
[2011/02/27 12:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\GCPublishers
[2012/03/13 09:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\HpUpdate
[2010/09/04 17:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Identities
[2010/09/15 19:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Inbox Toolbar
[2011/12/30 14:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\InstallShield
[2010/07/13 17:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Intel
[2012/01/03 14:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iolo
[2010/09/29 19:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Juniper Networks
[2010/09/05 16:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Macromedia
[2010/09/05 17:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Malwarebytes
[2012/10/23 15:39:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lisa\Application Data\Microsoft
[2013/02/05 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MotoCast
[2012/11/06 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\motorola
[2012/11/06 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Motorola Mobility
[2011/12/27 16:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Mozilla
[2010/11/25 12:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Real
[2010/09/17 21:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\RebateInformer
[2011/12/22 10:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Sun
[2011/12/27 15:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TS3Client
[2011/04/23 22:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\U3
[2013/01/04 15:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\WindowsSession

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/07/06 14:11:44 | 000,492,208 | ---- | M] (iolo technologies, LLC) -- C:\Documents and Settings\Lisa\Application Data\iolo\IRestartStub.exe
[2010/09/09 19:25:42 | 002,826,192 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Lisa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011/12/22 14:53:02 | 000,045,126 | R--- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_00A2B159EC25728DD0F170.exe
[2011/12/22 14:53:02 | 000,045,126 | R--- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_0F16B68AE7780754B68FFC.exe
[2011/12/22 14:53:02 | 000,045,126 | R--- | M] () -- C:\Documents and Settings\Lisa\Application Data\Microsoft\Installer\{A12EA295-32EA-42BB-8442-2C2BE852D4AA}\_6FEFF9B68218417F98F549.exe
[2006/04/05 18:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Lisa\Application Data\U3\temp\cleanup.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2010/07/12 16:14:16 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\NLDRV\007\iastor.sys
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
[2010/07/12 16:14:16 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys
[2005/10/12 11:08:52 | 000,508,416 | ---- | M] (Intel Corporation) MD5=7C2D98D430DD91570DB63E819B9BC7E0 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2010/07/12 13:14:55 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/07/12 13:14:55 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/07/12 13:14:55 | 000,929,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Lisa\My Documents\PCLECHAL.INI:KAVICHS

< End of report >