OTL logfile created on: 2/21/2010 12:44:42 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Jo\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 512.58 Gb Free Space | 88.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JO-PC
Current User Name: Jo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/02/21 12:42:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe
PRC - [2010/02/11 13:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010/02/21 12:42:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe
MOD - [2010/02/01 19:37:43 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFWAH.dll
MOD - [2009/07/13 20:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
MOD - [2009/07/13 20:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:[b]64bit:[/b] - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:[b]64bit:[/b] - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2010/01/29 08:03:16 | 001,083,144 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:[b]64bit:[/b] - [2009/11/12 16:33:14 | 000,660,256 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:[b]64bit:[/b] - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:[b]64bit:[/b] - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:[b]64bit:[/b] - [2009/07/02 18:42:36 | 000,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2010/01/25 10:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/11/13 17:56:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/06 21:19:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/08 12:31:36 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/07/08 12:31:32 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/07/08 12:31:12 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/12/06 23:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: aging-tabs@design-noir.de:0.7.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.5.2
FF - prefs.js..extensions.enabledItems: {6BFD307A-C040-11DA-9749-FB1C850B47DF}:2.1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.47
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.5
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.2
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.5.2
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.2
FF - prefs.js..extensions.enabledItems: theme@yogurttree.com:0.5.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/19 00:29:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/19 00:29:13 | 000,000,000 | ---D | M]
[2009/11/23 19:03:49 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Extensions
[2010/02/20 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions
[2009/12/09 07:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
[2010/02/13 10:24:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/07 01:20:50 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2009/11/23 19:06:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/15 23:30:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/08 08:58:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/29 11:54:44 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/10 15:24:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/23 20:00:29 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\aging-tabs@design-noir.de
[2010/01/21 09:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\Foxdie@tanjihay.com
[2010/01/21 10:03:24 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\foxdie_ext_ocelot@foxdie.us
[2010/02/07 01:20:50 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\silvermel@pardal.de
[2010/02/07 01:20:52 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\silvermelxt@pardal.de
[2009/12/12 21:45:57 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\theme@yogurttree.com
[2010/01/21 22:36:57 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\ikefse2k.default\extensions\youtube2mp3@mondayx.de
[2009/11/23 19:03:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

OTL cannot create restorepoints on Vista OSs!

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
[2010/02/21 12:42:17 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe
[2010/02/20 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/02/20 22:04:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/20 21:25:38 | 000,059,880 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2010/02/20 21:25:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2010/02/20 21:25:25 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2010/02/20 21:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2010/02/20 21:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/02/10 15:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/02/10 15:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010/02/10 08:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/02/07 18:59:37 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\PowerDVD DX
[2010/02/07 18:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Jo\Desktop\*.tmp files -> C:\Users\Jo\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
[2010/02/21 12:46:47 | 004,718,592 | -HS- | M] () -- C:\Users\Jo\ntuser.dat
[2010/02/21 12:42:30 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe
[2010/02/21 11:40:14 | 000,715,296 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/21 11:40:14 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/21 11:40:14 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/21 11:21:01 | 000,037,888 | ---- | M] () -- C:\Users\Public\Documents\Multiplication Games Instructions.doc
[2010/02/21 09:22:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 09:22:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 09:12:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/21 09:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/21 09:12:12 | 3212,709,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 02:05:27 | 001,758,338 | -H-- | M] () -- C:\Users\Jo\AppData\Local\IconCache.db
[2010/02/21 00:31:18 | 000,019,257 | ---- | M] () -- C:\Users\Public\Documents\student work personifications.docx
[2010/02/20 13:07:08 | 000,030,720 | ---- | M] () -- C:\Users\Public\Documents\Reading Assignment Praise Talk.doc
[2010/02/20 12:53:48 | 000,032,768 | ---- | M] () -- C:\Users\Public\Documents\Reading Assignment Discipline.doc
[2010/02/19 23:37:38 | 000,079,360 | ---- | M] () -- C:\Users\Jo\Desktop\SESSION 3 TEACHER TALK PRAISE.doc
[2010/02/19 18:26:01 | 000,039,424 | ---- | M] () -- C:\Users\Public\Documents\Lesson Script.doc
[2010/02/17 09:31:37 | 000,087,552 | ---- | M] () -- C:\Users\Jo\Desktop\SESSION 2 DISCIPLINE TALK.doc
[2010/02/17 07:43:23 | 000,049,664 | ---- | M] () -- C:\Users\Jo\Desktop\Brain Introductory Lesson.doc
[2010/02/16 19:05:01 | 000,251,904 | ---- | M] () -- C:\Users\Jo\Desktop\Brain Lesson Worksheet.doc
[2010/02/16 12:32:54 | 000,053,248 | ---- | M] () -- C:\Users\Jo\Desktop\Sze Wong 1A.doc
[2010/02/16 09:31:22 | 000,044,741 | ---- | M] () -- C:\Users\Jo\Desktop\305_image.gif
[2010/02/15 21:42:35 | 000,010,207 | ---- | M] () -- C:\Users\Public\Documents\script.docx
[2010/02/15 20:59:30 | 000,048,640 | ---- | M] () -- C:\Users\Jo\Desktop\Sze Wong 1.doc
[2010/02/15 16:21:54 | 000,485,888 | ---- | M] () -- C:\Users\Public\Documents\Nervous System Brain Worksheet.doc
[2010/02/15 16:15:01 | 000,188,416 | ---- | M] () -- C:\Users\Public\Documents\Nervous System Chart Paper.doc
[2010/02/14 19:00:39 | 000,012,209 | ---- | M] () -- C:\Users\Jo\Desktop\The left hemisphere controls.docx
[2010/02/13 21:07:20 | 000,043,008 | ---- | M] () -- C:\Users\Jo\Desktop\724 CLASS SCHEDULE AND READINGS.doc
[2010/02/13 14:57:47 | 000,030,720 | ---- | M] () -- C:\Users\Public\Documents\Week 2 Reflection.doc
[2010/02/13 10:21:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/02/11 13:42:38 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/02/11 13:42:19 | 000,120,912 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/02/11 13:39:04 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/02/11 13:38:49 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/02/11 13:38:25 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/02/10 21:40:56 | 000,008,259 | ---- | M] () -- C:\Users\Jo\Desktop\hemisphere.gif
[2010/02/10 17:04:22 | 008,392,192 | ---- | M] () -- C:\Users\Jo\Desktop\STUDENT TEACHING PORTFOLIOS.ppt
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Jo\Desktop\*.tmp files -> C:\Users\Jo\Desktop\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/02/21 10:33:43 | 000,037,888 | ---- | C] () -- C:\Users\Public\Documents\Multiplication Games Instructions.doc
[2010/02/20 23:17:17 | 000,019,257 | ---- | C] () -- C:\Users\Public\Documents\student work personifications.docx
[2010/02/20 12:51:57 | 000,030,720 | ---- | C] () -- C:\Users\Public\Documents\Reading Assignment Praise Talk.doc
[2010/02/19 23:37:37 | 000,079,360 | ---- | C] () -- C:\Users\Jo\Desktop\SESSION 3 TEACHER TALK PRAISE.doc
[2010/02/18 22:00:28 | 000,032,768 | ---- | C] () -- C:\Users\Public\Documents\Reading Assignment Discipline.doc
[2010/02/16 18:48:21 | 000,039,424 | ---- | C] () -- C:\Users\Public\Documents\Lesson Script.doc
[2010/02/16 12:06:57 | 000,053,248 | ---- | C] () -- C:\Users\Jo\Desktop\Sze Wong 1A.doc
[2010/02/16 09:31:21 | 000,044,741 | ---- | C] () -- C:\Users\Jo\Desktop\305_image.gif
[2010/02/15 23:00:20 | 000,251,904 | ---- | C] () -- C:\Users\Jo\Desktop\Brain Lesson Worksheet.doc
[2010/02/15 20:59:30 | 000,048,640 | ---- | C] () -- C:\Users\Jo\Desktop\Sze Wong 1.doc
[2010/02/15 15:56:00 | 000,010,207 | ---- | C] () -- C:\Users\Public\Documents\script.docx
[2010/02/15 15:28:09 | 000,188,416 | ---- | C] () -- C:\Users\Public\Documents\Nervous System Chart Paper.doc
[2010/02/14 19:00:38 | 000,012,209 | ---- | C] () -- C:\Users\Jo\Desktop\The left hemisphere controls.docx
[2010/02/13 21:10:01 | 000,087,552 | ---- | C] () -- C:\Users\Jo\Desktop\SESSION 2 DISCIPLINE TALK.doc
[2010/02/13 21:07:20 | 000,043,008 | ---- | C] () -- C:\Users\Jo\Desktop\724 CLASS SCHEDULE AND READINGS.doc
[2010/02/12 21:45:36 | 000,030,720 | ---- | C] () -- C:\Users\Public\Documents\Week 2 Reflection.doc
[2010/02/10 21:45:22 | 000,485,888 | ---- | C] () -- C:\Users\Public\Documents\Nervous System Brain Worksheet.doc
[2010/02/10 21:40:55 | 000,008,259 | ---- | C] () -- C:\Users\Jo\Desktop\hemisphere.gif
[2010/02/10 17:03:30 | 008,392,192 | ---- | C] () -- C:\Users\Jo\Desktop\STUDENT TEACHING PORTFOLIOS.ppt
[2010/01/24 14:49:00 | 000,000,200 | ---- | C] () -- C:\Users\Jo\AppData\Roaming\wklnhst.dat
[2009/12/10 00:01:58 | 000,258,224 | ---- | C] () -- C:\Users\Jo\AppData\Local\rx_image.Cache
[2009/12/10 00:01:57 | 000,006,324 | ---- | C] () -- C:\Users\Jo\AppData\Local\rx_audio.Cache
[2009/12/08 18:25:13 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/12/08 18:24:21 | 000,000,071 | ---- | C] () -- C:\Windows\EPNX110.ini
[2009/12/03 07:46:03 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/03 07:46:00 | 000,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/03 07:45:59 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/12/03 07:45:59 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/12/03 07:45:57 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/03 07:45:57 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/11/29 01:38:07 | 000,007,607 | ---- | C] () -- C:\Users\Jo\AppData\Local\Resmon.ResmonCfg
[2009/11/06 23:13:26 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/11/06 23:13:26 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]
[2009/11/27 21:37:24 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\acccore
[2009/11/24 23:20:21 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AndrosaSoft
[2010/01/16 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Auslogics
[2010/01/29 11:34:00 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Epson
[2009/12/08 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Leadertech
[2009/11/28 23:11:42 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\NCH Swift Sound
[2009/12/22 10:30:07 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Research In Motion
[2010/01/16 21:35:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\ScanSoft
[2010/01/26 11:05:06 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Template
[2010/01/26 11:05:45 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Windows Live Writer
[2010/01/20 17:45:35 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check
==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2009/11/06 23:05:03 | 000,003,665 | RH-- | M] () -- C:\dell.sdr [2010/02/21 09:12:12 | 3212,709,888 | -HS- | M] () -- C:\hiberfil.sys [2009/11/30 23:20:52 | 000,000,349 | -H-- | M] () -- C:\IPH.PH [2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll [2010/02/21 09:12:13 | 4283,617,280 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 
20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [color=#A23BEC]< MD5 for: SCECLI.DLL 
>[/color] [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [color=#A23BEC]< c:\windows\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< c:\windows\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >