i feel like i was just in here and got some great help, but my computer is slowing, noticeably, again. which is to say that upon start up, it takes more than 5 minutes for the computer to start responding to my clicks, and frequently when browsing online the screens will be unresponsive for a minute or two.
also MBAM has crashed twice in the last couple days.
also this may be related since i've installed avast and online armor, i'm consistently getting an error message in my autoCAD program (autoCAD LT 2004 if that matters) that says: FATAL ERROR Unhandled Access Violation Reading 0x0054 Exception at 72cbc4h. just added autocad to my trusted folder in avast, but don't know if i'll have to restart for that to take affect?
two things seems related:
1. i'd been running the trend micro pc-cillin firewall for years, and then their "platinum" version came out and just made everything move increeeeeeeedibly slow. so i disabled it for awhile, thinking i would go back to using some freeware. but it took me about a month to make time to do that, so in the meantime i was online basically unprotected except for the windows firewall and malwarebytes' anti-malware. i figure i must have accumulated some malware in that time, but the MBAM quick scan has been coming up clean.
2. then i downloaded online armor and avast, and i'm guessing that they're doing good things. but the computer's been crashing more than before. so i don't know if i've got malware that's ruining everything, or if i don't have the three programs well-configured to work together.
i also have spywareblaster. do i need to turn that on when i start up? sorry if that's a dumb question. i'm perpetually behind the times on this stuff.
oh! final thing: i always see a double-underlined link on my sign-in page to geeks-to-go. is that a paid ad, or is that adware on my computer? i'm not seeing them elsewhere when i browse.
thanks so much everybody.
best -- sue
**********
OTL LOG
OTL logfile created on: 4/5/2013 4:53:06 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Meddle\Desktop\fight club
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.37 Mb Total Physical Memory | 308.22 Mb Available Physical Memory | 30.39% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.80 Gb Total Space | 7.28 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 403.41 Gb Free Space | 43.31% Space Free | Partition Type: NTFS
Computer Name: CASCADE | User Name: Meddle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Meddle\Desktop\fight club\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Online Armor\oasrv.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\13040501\algo.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_shn.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ff.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_hotkeys.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_tray.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_linein.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_midi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mod.dll ()
MOD - C:\Program Files\Winamp\System\playlist.w5s ()
MOD - C:\Program Files\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_playlists.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Program Files\Winamp\System\watcher.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_local.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_nowplaying.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_wire.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_ds.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_dshow.dll ()
MOD - C:\Program Files\Winamp\System\jnetlib.w5s ()
MOD - C:\Program Files\Winamp\System\aacPlusDecoder.w5s ()
MOD - C:\Program Files\Winamp\Plugins\in_wm.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_history.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_disc.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wave.dll ()
MOD - C:\Program Files\Winamp\System\tagz.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_pmp.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_ipod.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_njb.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_p4s.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_online.dll ()
MOD - C:\Program Files\Winamp\System\xml.w5s ()
MOD - C:\Program Files\Winamp\System\png.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_bookmarks.dll ()
MOD - C:\Program Files\Winamp\libsndfile.dll ()
MOD - C:\Program Files\Winamp\nde.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_jumpex.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_xpdxs.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\Winamp\Plugins\read_file.dll ()
MOD - C:\Program Files\Winamp\Plugins\freeform\wacs\jpgload\jpgload.wac ()
MOD - C:\Program Files\Winamp\Plugins\in_mpc.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp4.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flac.dll ()
MOD - C:\WINDOWS\system32\ngprtserv.dll ()
========== Services (SafeList) ==========
SRV - (getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\oasrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Sentinel RMS License Manager) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe (SafeNet, Inc.)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
DRV - (bckd) -- C:\WINDOWS\system32\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (echo1394) -- C:\WINDOWS\system32\drivers\echo1394.sys (Echo Digital Audio Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS ()
DRV - (Sentinel) -- C:\WINDOWS\system32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 F4 EA 33 ED AC CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F BD FE 10 ED B9 29 4C A8 69 03 9F 26 C0 31 67 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2AC18CD2-D729-498D-AB8C-79683DB8FFBA}
IE - HKCU\..\SearchScopes\{2AC18CD2-D729-498D-AB8C-79683DB8FFBA}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=386496"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/23 16:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ [2013/02/21 17:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/02 12:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/02 13:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/02 13:11:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012/10/11 17:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Extensions
[2011/02/16 17:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/12/09 13:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\b8sfkssw.default\extensions
[2013/01/31 13:08:25 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Mozilla\Firefox\Profiles\b8sfkssw.default\searchplugins\youtube.xml
[2013/03/10 21:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/02 12:27:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/03/10 21:09:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/26 21:50:40 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/10/14 14:54:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1148501628630 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D286BE99-4C0C-4FDE-9DF9-42F3978FEDC0}: DhcpNameServer = 208.67.222.222 208.67.220.220 8.8.4.4
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Meddle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Meddle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 02:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/26 09:23:22 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/05 16:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Desktop\fight club
[2013/04/02 13:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/04/02 13:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/04/02 13:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/04/02 12:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/04/02 12:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/04/02 12:28:25 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/04/02 12:28:24 | 000,368,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/04/02 12:28:21 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/04/02 12:28:20 | 000,062,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/04/02 12:28:19 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/04/02 12:28:13 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/04/02 12:28:12 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/04/02 12:26:48 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/04/02 12:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/04/02 12:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/04/02 12:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/04/02 12:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/04/02 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/04/02 12:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meddle\Application Data\OnlineArmor
[2013/04/02 12:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013/04/02 12:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2013/04/02 12:08:44 | 000,031,920 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2013/04/02 12:08:44 | 000,027,648 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2013/04/02 12:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2013/04/01 16:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/10 21:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013/04/05 17:05:09 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/05 16:48:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/05 16:33:24 | 000,000,109 | ---- | M] () -- C:\WINDOWS\System32\prsrvk.tgz
[2013/04/05 16:33:24 | 000,000,095 | ---- | M] () -- C:\WINDOWS\System32\prsrvk.dll
[2013/04/05 16:33:21 | 000,000,086 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2013/04/05 16:33:20 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\nsprs.dll
[2013/04/05 16:32:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/05 16:32:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 16:32:12 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 10:57:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/04 14:19:46 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\Meddle\My Documents\aclt.err
[2013/04/04 14:19:45 | 000,006,039 | ---- | M] () -- C:\Documents and Settings\Meddle\My Documents\acltstk.dmp
[2013/04/02 12:28:27 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/04/02 12:28:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/02 12:15:21 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/04/02 12:09:10 | 000,477,306 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/02 12:09:10 | 000,078,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/02 12:08:45 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\Online Armor.lnk
[2013/04/02 11:27:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/01 16:52:13 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/23 12:34:42 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\burnaware.ini
[2013/03/18 19:47:47 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Meddle\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org Writer.lnk
[2013/03/18 19:42:46 | 000,097,943 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\winter's come and gone.jpg
[2013/03/13 17:54:36 | 000,198,311 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\734444_168484869969208_2141781502_n.jpg
[2013/03/12 09:34:07 | 000,026,129 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\rka VoiceDetails.csv
[2013/03/12 09:33:43 | 000,022,788 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\VoiceDetails.csv
[2013/03/12 09:32:40 | 000,114,071 | ---- | M] () -- C:\Documents and Settings\Meddle\Desktop\verizon statement.pdf
========== Files Created - No Company Name ==========
[2013/04/02 12:28:27 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/04/02 12:28:18 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/02 12:28:18 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/02 12:28:17 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/02 12:15:21 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/04/02 12:08:45 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\Online Armor.lnk
[2013/04/02 12:08:44 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2013/04/02 12:08:43 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2013/04/01 16:52:13 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/18 19:42:44 | 000,097,943 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\winter's come and gone.jpg
[2013/03/13 17:54:33 | 000,198,311 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\734444_168484869969208_2141781502_n.jpg
[2013/03/12 09:34:06 | 000,026,129 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\rka VoiceDetails.csv
[2013/03/12 09:33:42 | 000,022,788 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\VoiceDetails.csv
[2013/03/12 09:32:38 | 000,114,071 | ---- | C] () -- C:\Documents and Settings\Meddle\Desktop\verizon statement.pdf
[2013/02/19 14:46:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\w_madriver.dll
[2013/01/15 16:15:00 | 000,032,268 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2013/01/15 14:20:55 | 140,199,357 | ---- | C] () -- C:\Program Files\paperport.zip
[2013/01/02 15:20:54 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\burnaware.ini
[2012/11/09 11:42:13 | 000,000,317 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\poetsch.bat
[2012/10/14 16:32:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\System32\prsrvk.dll
[2012/10/14 16:32:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2012/10/14 14:58:31 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2012/10/12 19:41:56 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\store-pp.jbs
[2012/08/19 13:15:59 | 000,041,528 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/08/09 17:05:50 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2012/03/04 14:39:38 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012/03/04 14:38:52 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\rvkauth2.dll
[2012/03/04 14:38:51 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\rvkauth1.dll
[2012/02/15 11:23:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/20 16:21:46 | 025,552,579 | ---- | C] () -- C:\Program Files\cool backup info.zip
[2011/07/20 11:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/18 22:10:49 | 006,814,952 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/04/18 22:10:49 | 000,017,766 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2007/01/09 13:25:54 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/13 10:26:31 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/26 10:34:21 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\PFP120JPR.{PB
[2006/05/26 10:34:21 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Meddle\Application Data\PFP120JCM.{PB
[2006/05/24 13:07:03 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Meddle\Local Settings\Application Data\fusioncache.dat
[2006/05/21 13:55:19 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
========== ZeroAccess Check ==========
[2005/08/16 02:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/01/11 13:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2006/05/24 15:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/04/02 12:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/04 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/02/27 11:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2013/04/02 12:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/04/03 12:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013/01/15 16:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/05 11:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/04/07 11:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/07 11:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2013/04/03 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/12 10:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tracktion 2
[2010/09/05 11:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
[2013/01/15 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2010/09/28 20:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/04 17:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{55BB476E-39AF-4872-82A7-A1D535E12361}
[2010/03/04 11:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/01/21 14:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Amazon
[2011/11/23 18:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\AnvSoft
[2012/12/11 16:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Auslogics
[2006/05/24 15:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Autodesk
[2012/10/17 13:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Azureus
[2009/07/15 15:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Canneverbe_Limited
[2008/04/07 13:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Canon
[2012/09/13 15:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\dBpoweramp
[2011/11/23 16:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\DDMSettings
[2013/01/23 13:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Dropbox
[2008/06/06 11:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Echo AudioFire Console
[2012/12/09 14:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Foxit Software
[2013/01/17 14:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\freac
[2010/10/21 18:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\FreeAudioPack
[2008/07/18 07:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\iPodder
[2010/09/05 11:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Leadertech
[2006/06/13 10:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Mathsoft
[2013/04/02 12:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\OnlineArmor
[2011/02/17 15:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\QuickScan
[2013/01/15 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\ScanSoft
[2011/02/16 17:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Thunderbird
[2013/04/05 12:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\uTorrent
[2013/01/17 17:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\WinFF
[2013/01/15 16:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Meddle\Application Data\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Edited by sue dinym, 05 April 2013 - 08:54 PM.