D Drive wont Recognize Any Disc (Installation) [Solved]


  • This topic is locked

#1
polling

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4072

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/6/2010 2:18:04 PM
mbam-log-2010-05-06 (14-18-04).txt

Scan type: Quick scan
Objects scanned: 144002
Time elapsed: 20 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\sound32.dll (Trojan.Agent) -> No action taken.











GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-06 14:52:32
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Frank\LOCALS~1\Temp\kwrcypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF578DFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF578AC80]
SSDT F7B95CD6 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF578E580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF57A2900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF57A2B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF57A6B10]
SSDT F7B95CCC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF578E670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF578B210]
SSDT F7B95CDB ZwDeleteKey
SSDT F7B95CE5 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF57A2280]
SSDT F7B95CEA ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF57A5F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF578B070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF57A4180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF57A3F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF57A66F0]
SSDT F7B95CF4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF578DBE0]
SSDT F7B95CEF ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF578E190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF578B440]
SSDT F7B95CE0 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF57A3200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF57A3080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [80, E5, 78, F5, 00, 29, 7A, ...] {AND CH, 0x78; CMC ; ADD [ECX], CH; JP 0xfffffffffffffffd; ADC [EBX], CH; JP 0x1}
.text ntoskrnl.exe!_abnormal_termination + 1D4 804E2840 8 Bytes JMP 90F7B95C
? qhili.sys The system cannot find the file specified. !
? srescan.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF757FB8D]
init C:\WINDOWS\System32\Drivers\sunkfilt39.sys entry point in "init" section [0xF7877360]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Palm\Hotsync.exe[3016] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3696] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- EOF - GMER 1.0.15 ----








OTL logfile created on: 5/6/2010 2:53:51 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 119.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 41.36 Gb Free Space | 27.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-84J1T8A8N
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 14:52:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
PRC - [2010/04/03 12:55:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/01/07 15:47:02 | 000,440,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2003/12/18 03:39:40 | 000,802,868 | ---- | M] (AHEAD Software) -- C:\Program Files\Ahead\InCD\incdsrv.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 14:52:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/25 11:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2003/12/18 03:39:40 | 000,802,868 | ---- | M] (AHEAD Software) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/01/12 19:13:58 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/16 17:27:00 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 17:26:58 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 17:26:56 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/09/15 21:23:07 | 000,648,952 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/06/09 16:12:08 | 000,018,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/30 15:18:37 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/05/25 15:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/03/23 11:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/23 11:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/04 10:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/12/18 03:43:10 | 000,028,752 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/12/18 03:42:46 | 000,091,712 | ---- | M] (Ahead Software) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/11/14 18:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/16 19:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/31 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/03/31 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/03/31 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/03/31 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/03/31 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/03/31 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/03/31 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/03/31 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/03/31 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/03/31 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/03/31 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/03/31 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/03/31 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/03/31 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/03/31 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/03/20 15:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...rlz=1R0GGGL_en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07075003
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: [email protected]:4.5

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/05 22:48:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 01:18:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 09:00:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/11/19 13:55:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/04/14 09:00:58 | 000,000,000 | ---D | M]

[2008/06/17 12:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
[2010/05/06 09:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions
[2008/06/19 00:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/14 16:24:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/14 23:35:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/03/17 10:33:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/21 16:27:24 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/04/15 13:47:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/01 16:31:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/29 14:56:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/08 19:24:33 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2009/06/20 13:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\bettergmail2@ginatrapani(2).org
[2009/11/20 19:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2010/03/20 23:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2008/05/14 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2010/04/13 10:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2010/03/20 23:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\SkipScreen@SkipScreen
[2010/05/06 09:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/05/14 14:35:49 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/01/13 03:36:36 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1209253097281 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://remote.dteen...o.com dwa7W.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 22:28:21 | 000,000,782 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/05/01 13:54:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/05/07 18:10:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/06 14:52:53 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2010/05/06 13:44:37 | 001,870,688 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Frank\Desktop\HousecallLauncher.exe
[2010/05/05 23:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\HPAppData
[2010/05/05 22:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/05/05 22:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\HP
[2010/05/05 22:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/05 22:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\Yahoo!
[2010/05/05 22:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/05/05 22:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/05/05 22:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/05 22:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpoj4500g510g-m
[2010/05/03 11:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Hayes_files
[2010/04/29 10:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/21 16:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Warren Files
[2010/04/17 14:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\326 Gratiot Docs
[2010/04/10 12:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\326 N Gratiot Pics
[2010/04/02 10:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Nottingham Docs
[2010/03/31 13:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Unused Desktop Shortcuts
[2010/03/31 12:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/03/31 11:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\QuickScan
[2010/03/29 10:54:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Frank\Recent
[2010/03/28 00:19:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/26 19:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Pics of Les Work
[2010/03/24 15:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\12 House Pics
[2010/03/03 00:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\My Documents\PDF-TIFF-Tools.com
[2010/03/03 00:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Local Settings\Application Data\PDF-TIFF-Tools.com
[2010/03/02 23:59:39 | 001,746,864 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.Unicode.v11.2.0.ocx
[2010/03/02 23:59:39 | 000,665,600 | ---- | C] (Alientools Software) -- C:\WINDOWS\System32\pdfgenx.ocx
[2010/03/02 23:59:39 | 000,518,064 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.Unicode.v11.2.0.ocx
[2010/03/02 23:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Rosemary Docs
[2010/02/24 20:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\AnvSoft
[2010/02/18 18:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hudisoft
[2010/02/16 12:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Outer Dr Docs
[2008/08/22 03:37:22 | 000,096,768 | ---- | C] ( ) -- C:\WINDOWS\System32\libsndfile.dll

========== Files - Modified Within 90 Days ==========

[2010/05/06 14:52:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2010/05/06 14:47:15 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/06 14:30:30 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/06 14:30:19 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/06 14:29:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 14:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 14:29:36 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 14:28:39 | 010,747,904 | ---- | M] () -- C:\Documents and Settings\Frank\ntuser.dat
[2010/05/06 14:27:45 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\IconCache.db
[2010/05/06 13:55:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\gmer.zip
[2010/05/06 13:46:46 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Microsoft Word.lnk
[2010/05/06 13:46:35 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\B.doc
[2010/05/06 13:45:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\housecall.guid.cache
[2010/05/06 13:44:47 | 001,870,688 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Frank\Desktop\HousecallLauncher.exe
[2010/05/06 12:33:41 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/06 12:18:41 | 000,860,734 | ---- | M] () -- C:\WINDOWS\hpwins26.dat
[2010/05/06 09:39:28 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/05 23:01:01 | 000,055,888 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/05 22:57:21 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Officejet 4500 G510g-m.job
[2010/05/05 22:56:22 | 000,205,972 | ---- | M] () -- C:\WINDOWS\hpwins26.dat.temp
[2010/05/05 22:56:07 | 000,001,040 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/05 22:47:13 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/05/05 22:46:25 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/05 14:45:38 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Master.wps
[2010/05/05 14:45:33 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Part 1.wps
[2010/05/04 23:09:11 | 007,115,493 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Backup-(2010-05-04).ipd
[2010/05/04 22:23:21 | 007,115,493 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-05-04).ipd
[2010/05/04 16:24:47 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\BBSAK.lnk
[2010/05/04 15:33:14 | 007,036,433 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\LoaderBackup-(2010-05-04).ipd
[2010/05/04 13:14:36 | 002,132,660 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Articles Of Inc .pdf
[2010/05/03 16:52:50 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Part 2.wps
[2010/05/03 12:01:38 | 000,024,303 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Muir Hazel Park.jpg
[2010/05/03 12:00:42 | 000,015,615 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Hayes.jpg
[2010/05/03 11:47:36 | 000,011,813 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Hayes.htm
[2010/05/03 11:06:11 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\SpywareBlaster.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 09:27:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/27 09:49:30 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2010/04/26 15:17:33 | 000,680,817 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\1st_Alliance_Wiring_Instructions.pdf
[2010/04/26 14:09:58 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Wire Instructions - FAI.doc
[2010/04/21 11:15:44 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Warren P A.doc
[2010/04/19 15:09:34 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Fenmore P A.doc
[2010/04/15 14:21:15 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced Disk Cleaner.lnk
[2010/04/13 14:36:15 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Gratiot P A.doc
[2010/04/12 17:27:04 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2010/04/12 10:14:57 | 000,026,073 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\11583 Nottingham HUD.pdf
[2010/04/10 11:24:17 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Image Shrinker.lnk
[2010/04/09 11:49:13 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 13:29:21 | 000,039,156 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\list_of_available_Michigan_properties_march-8.pdf
[2010/04/05 12:41:03 | 000,027,565 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Fenmore.jpg
[2010/04/04 13:07:50 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\vso_ts_preview.xml
[2010/04/03 13:05:49 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Buyer Flyer 12-14-08.doc
[2010/04/02 10:48:28 | 004,815,276 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Nottingham PA.pdf
[2010/04/01 14:07:33 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Nottingham P A.doc
[2010/03/31 16:11:01 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/30 17:59:34 | 000,985,839 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Nottingham.jpg
[2010/03/29 16:27:10 | 000,025,275 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\St Marys.jpg
[2010/03/28 22:37:12 | 000,027,296 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\cc_20100328_223641.reg
[2010/03/27 09:07:30 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/27 09:07:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/26 19:40:16 | 000,034,289 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Rosemont.jpg
[2010/03/26 13:46:11 | 011,022,669 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-03-26).ipd
[2010/03/20 02:56:31 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\12 HOME FLYER.doc
[2010/03/17 12:17:39 | 000,033,663 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Sorrento.jpg
[2010/03/14 19:55:48 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 19:55:48 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 19:55:41 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/11 11:18:55 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Suburban Group.wps
[2010/03/08 04:00:56 | 000,058,196 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\cc_20100308_030047.reg
[2010/03/04 17:42:09 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Mobipocket Reader.lnk
[2010/03/03 12:42:22 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Rosemary P A.doc
[2010/02/24 20:18:54 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Any Video Converter.lnk
[2010/02/21 00:56:16 | 000,729,088 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Detroit Package Flyer 1-10-09.doc
[2010/02/10 17:15:34 | 003,927,922 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\LoaderBackup-(2010-02-10).ipd
[2010/02/10 15:03:19 | 000,078,986 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\W Outer Dr.jpg

========== Files Created - No Company Name ==========

[2010/05/06 13:54:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\gmer.zip
[2010/05/06 13:46:32 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\B.doc
[2010/05/06 13:45:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\housecall.guid.cache
[2010/05/05 22:57:19 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Officejet 4500 G510g-m.job
[2010/05/05 22:47:13 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/05/05 22:46:25 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/05 22:39:12 | 000,205,972 | ---- | C] () -- C:\WINDOWS\hpwins26.dat.temp
[2010/05/05 22:39:11 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2010/05/05 22:22:02 | 000,860,734 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2010/05/05 22:22:02 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2010/05/04 23:09:11 | 007,115,493 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\Backup-(2010-05-04).ipd
[2010/05/04 22:23:21 | 007,115,493 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-05-04).ipd
[2010/05/04 15:33:14 | 007,036,433 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\LoaderBackup-(2010-05-04).ipd
[2010/05/04 13:14:25 | 002,132,660 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Articles Of Inc .pdf
[2010/05/03 12:01:29 | 000,024,303 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Muir Hazel Park.jpg
[2010/05/03 12:00:32 | 000,015,615 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Hayes.jpg
[2010/05/03 11:47:31 | 000,011,813 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Hayes.htm
[2010/04/26 15:17:21 | 000,680,817 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\1st_Alliance_Wiring_Instructions.pdf
[2010/04/26 12:19:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\Wire Instructions - FAI.doc
[2010/04/21 10:59:31 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Warren P A.doc
[2010/04/19 15:06:38 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Fenmore P A.doc
[2010/04/13 14:36:14 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Gratiot P A.doc
[2010/04/12 10:14:03 | 000,026,073 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\11583 Nottingham HUD.pdf
[2010/04/09 18:18:11 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Image Shrinker.lnk
[2010/04/05 13:29:18 | 000,039,156 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\list_of_available_Michigan_properties_march-8.pdf
[2010/04/05 12:40:59 | 000,027,565 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Fenmore.jpg
[2010/03/31 13:08:43 | 004,815,276 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Nottingham PA.pdf
[2010/03/30 21:58:23 | 000,985,839 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Nottingham.jpg
[2010/03/30 17:53:18 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Nottingham P A.doc
[2010/03/29 16:27:10 | 000,025,275 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\St Marys.jpg
[2010/03/28 22:36:44 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\cc_20100328_223641.reg
[2010/03/27 09:07:29 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/27 09:07:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/26 19:40:15 | 000,034,289 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Rosemont.jpg
[2010/03/26 13:46:11 | 011,022,669 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-03-26).ipd
[2010/03/20 02:54:46 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\12 HOME FLYER.doc
[2010/03/17 12:17:36 | 000,033,663 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Sorrento.jpg
[2010/03/08 04:00:50 | 000,058,196 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\cc_20100308_030047.reg
[2010/03/02 16:03:52 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Rosemary P A.doc
[2010/02/10 17:15:34 | 003,927,922 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\LoaderBackup-(2010-02-10).ipd
[2010/02/10 15:03:17 | 000,078,986 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\W Outer Dr.jpg
[2010/01/12 16:47:10 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2010/01/12 16:47:10 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2010/01/12 16:47:07 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2010/01/12 16:47:07 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2010/01/12 16:46:17 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2009/10/12 01:59:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI
[2009/10/01 11:51:38 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/01 11:51:38 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/23 11:59:46 | 000,002,585 | ---- | C] () -- C:\WINDOWS\CD_SearchHistory.INI
[2009/09/16 19:00:33 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/08 19:01:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/03 20:17:46 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/07/22 15:58:36 | 000,000,361 | ---- | C] () -- C:\WINDOWS\MP3trtg.ini
[2009/05/05 14:21:00 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/05 14:20:53 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/05 14:20:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/12 03:03:09 | 000,030,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/09/17 21:09:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Vid1Dec.dll
[2008/09/17 21:09:45 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TTL2Dec.dll
[2008/09/17 21:09:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/09/17 21:09:44 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/09/17 21:09:44 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/09/17 21:09:44 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/09/17 21:09:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/09/17 21:09:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/09/17 21:09:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/09/17 21:09:44 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/09/17 21:09:44 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/17 21:09:44 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/09/17 21:09:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/09/17 21:09:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/09/17 21:09:44 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/09/17 21:09:44 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/09/17 21:09:44 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/09/17 21:09:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/09/17 21:09:44 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2008/09/17 21:09:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kerneldeint.dll
[2008/09/17 21:09:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/09/17 21:09:43 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/09/17 21:09:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/09/17 21:09:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll
[2008/08/22 03:14:12 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/05/16 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VCDWizardDLL.INI
[2008/05/06 17:34:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/02 15:11:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/04/29 14:46:38 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/28 01:04:26 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/04/28 01:04:26 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/28 01:04:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/04/28 01:04:26 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/04/27 11:08:15 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/26 09:48:13 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/05/05 20:41:30 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/05/05 20:41:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/05/05 20:30:12 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/05/04 06:13:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/02 10:40:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/02 10:40:08 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/01 14:50:46 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/01 14:50:09 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/05/01 14:09:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/08/21 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2009/08/04 22:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/06/13 00:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2008/09/17 23:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2010/03/31 12:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/04/30 15:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/12/01 02:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/03 11:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/30 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2004/05/07 18:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/30 20:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2008/08/24 18:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/02/08 23:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/05/15 00:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\ACD Systems
[2010/02/24 20:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AnvSoft
[2010/02/24 20:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Any Video Converter
[2008/09/15 21:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AquaSoft
[2009/06/17 23:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Auslogics
[2008/06/13 20:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AVSMedia
[2010/03/28 22:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Azureus
[2009/10/09 19:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Blackberry Desktop
[2008/11/19 00:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/15 21:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\DiashowManager
[2009/11/27 04:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Didiom
[2010/01/12 17:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\FreeVideoConverter
[2009/01/26 23:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\GrabPro
[2008/04/30 15:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\HotSync
[2008/09/18 18:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Frank\Application Data\IFBuilder
[2008/09/20 13:50:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Frank\Application Data\InAlbumTemp
[2009/08/04 14:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mobipocket
[2008/11/15 14:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mobipocket Reader
[2008/08/22 05:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Netscape
[2008/04/27 21:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Opera
[2009/01/27 00:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Orbit
[2009/09/08 19:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Panasonic
[2008/09/18 18:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Photodex
[2010/04/02 10:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\QuickScan
[2009/08/20 11:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Research In Motion
[2008/05/02 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Template
[2008/09/12 12:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Thunderbird
[2008/05/30 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Uniblue
[2010/04/04 13:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Vso
[2008/06/10 02:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\W Photo Studio
[2008/05/13 14:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\W Photo Studio Viewer
[2008/05/13 14:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Walgreens
[2010/04/27 09:49:30 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/05/07 02:54:10 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2008/05/30 20:43:37 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/03 20:02:43 | 000,025,887 | ---- | M] () -- C:\5074 Lodewyck.PDF
[2008/05/31 16:16:38 | 000,026,624 | ---- | M] () -- C:\Addendum.doc
[2009/04/03 16:57:46 | 000,016,384 | ---- | M] () -- C:\Addendum.wps
[2008/07/25 10:07:38 | 000,052,736 | ---- | M] () -- C:\Attendance Review Process Basics.ppt
[2008/08/21 22:28:21 | 000,000,782 | ---- | M] () -- C:\autoAlbum.log
[2004/05/01 13:54:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/28 22:13:59 | 000,011,306 | ---- | M] () -- C:\avi_log.txt
[2009/08/03 20:02:43 | 000,032,564 | ---- | M] () -- C:\Avon.PDF
[2009/10/06 14:47:55 | 000,000,278 | RHS- | M] () -- C:\boot.ini
[2008/10/21 22:05:05 | 000,180,736 | ---- | M] () -- C:\Brown Leadership and Conflict Resolution Curriculum.doc
[2009/08/03 20:02:43 | 000,026,310 | ---- | M] () -- C:\Chatham.PDF
[2008/07/22 04:16:58 | 000,034,816 | ---- | M] () -- C:\CITY_OF_DETROIT.doc
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/03 20:02:43 | 000,026,967 | ---- | M] () -- C:\Codding.PDF
[2004/05/01 13:54:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/03 20:02:43 | 000,028,400 | ---- | M] () -- C:\Continental.PDF
[2008/08/25 20:38:59 | 000,025,088 | ---- | M] () -- C:\Cover Letter.doc
[2008/08/25 20:56:50 | 000,026,624 | ---- | M] () -- C:\Danyelle_Davis_Resume.doc
[2009/08/03 20:02:43 | 000,030,043 | ---- | M] () -- C:\Evergreen.PDF
[2009/08/03 20:02:43 | 000,025,236 | ---- | M] () -- C:\Fenton.PDF
[2009/08/03 20:02:43 | 000,027,589 | ---- | M] () -- C:\Fielding.PDF
[2009/12/31 22:54:34 | 000,019,456 | ---- | M] () -- C:\FoodLove.doc
[2008/09/17 10:33:03 | 000,020,480 | ---- | M] () -- C:\Frank Cover Letter.doc
[2009/08/03 20:02:43 | 000,030,764 | ---- | M] () -- C:\Gilchrist.PDF
[2009/08/03 20:02:43 | 000,031,901 | ---- | M] () -- C:\Greenview.PDF
[2009/08/03 20:02:44 | 000,031,051 | ---- | M] () -- C:\Hartwell.PDF
[2008/05/13 16:39:59 | 001,228,854 | ---- | M] () -- C:\hello.jpg
[2010/05/06 14:29:36 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2008/05/31 01:03:52 | 000,000,570 | ---- | M] () -- C:\HSW_Log.txt
[2009/08/03 20:02:44 | 000,034,274 | ---- | M] () -- C:\Hubbell.PDF
[2008/05/13 15:07:09 | 073,244,672 | ---- | M] () -- C:\In Loving Memory of Reverend Frank Davis Jr.ppt
[2009/08/03 20:02:44 | 000,030,325 | ---- | M] () -- C:\Indiana.PDF
[2004/05/01 13:54:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/05/01 14:53:53 | 000,001,206 | -H-- | M] () -- C:\IPH.PH
[2009/10/09 15:46:05 | 000,019,763 | ---- | M] () -- C:\JavaRa.log
[2009/08/03 20:02:44 | 000,032,496 | ---- | M] () -- C:\Lakeview.PDF
[2008/10/21 22:06:18 | 000,040,448 | ---- | M] () -- C:\Leadership & conflict curriculum.doc
[2008/10/21 22:01:40 | 000,036,352 | ---- | M] () -- C:\Leadership & conflict resolution syllabus.doc
[2009/08/03 20:02:44 | 000,035,955 | ---- | M] () -- C:\Lenore.PDF
[2009/08/03 20:02:44 | 000,033,634 | ---- | M] () -- C:\London.PDF
[2010/05/03 10:32:12 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/11/30 22:27:52 | 000,175,104 | ---- | M] () -- C:\MGT 5770 - Group 4 Presentation.ppt
[2008/09/01 12:49:52 | 000,103,936 | ---- | M] () -- C:\MGT 6890_syllabus_Fall 2008.doc
[2004/05/01 13:54:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/10/21 22:16:56 | 000,019,968 | ---- | M] () -- C:\My Wayne State University Curriculum.doc
[2008/10/06 10:34:44 | 000,000,949 | ---- | M] () -- C:\net_save.dna
[2008/04/26 21:42:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/11 21:48:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/27 18:30:23 | 000,022,528 | ---- | M] () -- C:\OPT Ballot 2008.doc
[2008/10/29 09:22:21 | 000,020,992 | ---- | M] () -- C:\OPT Ballot Area 1.doc
[2008/10/27 18:48:53 | 000,020,480 | ---- | M] () -- C:\OPT Ballot Area 2.doc
[2008/10/29 09:33:54 | 000,019,968 | ---- | M] () -- C:\OPT Ballot Area 4.doc
[2008/10/27 18:53:46 | 000,020,480 | ---- | M] () -- C:\OPT Ballot Area 5.doc
[2008/10/29 09:43:20 | 000,021,504 | ---- | M] () -- C:\OPT Ballot Area 6.doc
[2009/01/05 08:04:36 | 000,020,480 | ---- | M] () -- C:\OPT Ballot Vice Chair Run off.doc
[2008/05/31 15:42:09 | 000,125,440 | ---- | M] () -- C:\OPT Perf Eval Workbook Danyelle Davis 08.xls
[2008/10/27 18:42:55 | 000,025,600 | ---- | M] () -- C:\OPT Sample Ballot 2008.doc
[2008/10/29 09:22:15 | 000,021,504 | ---- | M] () -- C:\OPT Sample Ballot Area 1.doc
[2008/10/27 18:51:03 | 000,021,504 | ---- | M] () -- C:\OPT Sample Ballot Area 2.doc
[2008/10/29 09:33:02 | 000,022,016 | ---- | M] () -- C:\OPT Sample Ballot Area 4.doc
[2008/10/27 18:55:26 | 000,021,504 | ---- | M] () -- C:\OPT Sample Ballot Area 5.doc
[2008/10/29 09:45:30 | 000,020,992 | ---- | M] () -- C:\OPT Sample Ballot Area 6.doc
[2008/12/01 12:47:05 | 000,021,504 | ---- | M] () -- C:\OPT Sample Ballot Vice Chair Run off.doc
[2010/05/06 14:29:33 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2008/11/20 16:30:37 | 000,006,656 | ---- | M] () -- C:\palm.grf
[2009/08/03 20:02:44 | 000,033,978 | ---- | M] () -- C:\Penrod.PDF
[2008/09/19 18:11:09 | 000,001,435 | ---- | M] () -- C:\photodex-presenter-install.log
[2008/12/06 13:51:00 | 000,000,000 | ---- | M] () -- C:\plx_proxy.log
[2009/08/03 20:02:44 | 000,033,705 | ---- | M] () -- C:\River Rouge.PDF
[2009/08/03 20:02:44 | 000,035,665 | ---- | M] () -- C:\Roscommon.PDF
[2008/10/29 09:58:29 | 000,021,504 | ---- | M] () -- C:\Rules for campaigning.doc
[2008/11/30 14:39:24 | 000,057,856 | ---- | M] () -- C:\Sausha's Slides.ppt
[2009/08/03 20:02:45 | 001,086,678 | ---- | M] () -- C:\scan.PDF
[2009/08/03 20:02:45 | 000,033,111 | ---- | M] () -- C:\Sorrento.PDF
[2009/08/03 20:02:45 | 000,032,803 | ---- | M] () -- C:\Stratman.PDF
[2009/08/03 20:02:45 | 000,028,326 | ---- | M] () -- C:\Sunnngdale.PDF
[2009/08/03 20:02:45 | 000,038,818 | ---- | M] () -- C:\Three Mile Dr.PDF
[2009/08/03 20:02:46 | 000,035,508 | ---- | M] () -- C:\Wayburn.PDF
[2009/08/03 20:02:46 | 000,025,917 | ---- | M] () -- C:\Westphalia.PDF
[2008/04/27 23:02:53 | 000,001,167 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/05/01 06:44:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/05/01 06:44:56 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/05/01 06:44:56 | 000,372,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Whitcomb Instructions.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Suburban Package Flyer 1-10-09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\scan 3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Sample Fax Sheet Investments Prop.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\QUIT CLAIM DEED.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\proof_of_funds.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Probate Letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Please Sign Addendum Sheet and Fax It Back to.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\mvbprop.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Mill Race addCA).pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\January for Sale.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Inverness QCD.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\GTA Walthru.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Document1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Doc2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Detroit TMV list Taxes inc.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Detroit Package Flyer 1-10-09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Detroit Bulk Sale 3 6-2-09.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\CASHDEALSINVAUG18.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Buyer Flyer 12-14-08.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Buyer Flyer 1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\BEAUTIFUL 6.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\8324 Chalfont.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\539081644.pdf:Roxio EMC Stream
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B4F37E5
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17F5FD45
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70B9C530
< End of report >







OTL Extras logfile created on: 5/6/2010 2:53:51 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 119.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 41.36 Gb Free Space | 27.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-84J1T8A8N
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C2EDF63-C83B-4AAD-AC26-1784660F618B}" = Advanced Disk Cleaner
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7822CFC5-6D52-4E55-BFB0-2BA64368542D}" = BBSAK
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9413C04B-F66A-48F6-8276-0D0ACF0E41B7}" = MSA20XX Device Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AFADAD9E-40AE-4653-B70A-2B44740DDD51}" = PLSinWindowsMedia
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D7434A55-F42B-407A-BB91-D4EB200C6355}" = BlackBerry Device Software v4.7.1 for the BlackBerry 9630 smartphone
"{D8A0FF03-2D4A-4FDF-A0FA-EEF21E21BCA5}" = Image Shrinker
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F2D45137-7631-4824-B285-52742329DE4B}" = Documents To Go
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"{FFAEA0E7-A977-419E-B23C-359DBFF41528}" = Palm eBook Studio
"040a_5005" = USB MassStorage CardReader
"8461-7759-5462-8226" = Vuze
"ABC 3GP/MP4 Converter" = ABC 3GP/MP4 Converter 3.00
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"eMule" = eMule
"ffdshow" = ffdshow (remove only)
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag_is1" = MyDefrag v4.1.2
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Netscape 6 (6.2.1)" = Netscape 6 (6.2.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"PalmSource Package Installer" = PalmSource Package Installer 1.5
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"RealPlayer 6.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Revo Uninstaller" = Revo Uninstaller 1.83
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Startup Optimizer_is1" = Startup Optimizer 1.6
"VSO PhotoDVD_is1" = PhotoDVD 2.9.6.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YASA MP4 Video Converter v3.2 (build 0051)" = YASA MP4 Video Converter v3.2 (build 0051)
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2010 10:34:49 PM | Computer Name = OWNER-84J1T8A8N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/20/2010 9:13:02 AM | Computer Name = OWNER-84J1T8A8N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/3/2010 1:43:27 AM | Computer Name = OWNER-84J1T8A8N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/4/2010 11:14:03 PM | Computer Name = OWNER-84J1T8A8N | Source = Application Error | ID = 1000
Description = Faulting application desktopmgr.exe, version 5.0.1.37, faulting module
mailserver.dll, version 5.0.1.37, fault address 0x000a4bc9.

Error - 5/5/2010 8:43:21 PM | Computer Name = OWNER-84J1T8A8N | Source = Application Error | ID = 1000
Description = Faulting application hpdj00.exe, version 2.323.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x0012e72c.

Error - 5/5/2010 10:24:38 PM | Computer Name = OWNER-84J1T8A8N | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\hpzsetup.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program hpzsetup.exe because of this error. Program:
hpzsetup.exe File: D:\hpzsetup.exe The error value is listed in the Additional Data
section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000240 Disk type: 5

Error - 5/5/2010 10:25:09 PM | Computer Name = OWNER-84J1T8A8N | Source = Application Error | ID = 1000
Description = Faulting application hpzsetup.exe, version 13.0.445.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000500b6.

Error - 5/5/2010 10:32:04 PM | Computer Name = OWNER-84J1T8A8N | Source = MsiInstaller | ID = 11606
Description = Product: HP Unload DLL Patch -- Error 1606.Could not access network
location 0.

Error - 5/5/2010 10:32:53 PM | Computer Name = OWNER-84J1T8A8N | Source = MsiInstaller | ID = 11606
Description = Product: HP Unload DLL Patch -- Error 1606.Could not access network
location 0.

Error - 5/5/2010 10:32:54 PM | Computer Name = OWNER-84J1T8A8N | Source = MsiInstaller | ID = 11606
Description = Product: HP Unload DLL Patch -- Error 1606.Could not access network
location 0.

[ System Events ]
Error - 5/6/2010 12:22:59 PM | Computer Name = OWNER-84J1T8A8N | Source = Print | ID = 23
Description = Printer Virtual PDF Printer failed to initialize because a suitable
Virtual PDF Printer driver could not be found.

Error - 5/6/2010 12:29:27 PM | Computer Name = OWNER-84J1T8A8N | Source = Print | ID = 23
Description = Printer Virtual PDF Printer failed to initialize because a suitable
Virtual PDF Printer driver could not be found.

Error - 5/6/2010 2:30:00 PM | Computer Name = OWNER-84J1T8A8N | Source = Print | ID = 23
Description = Printer Virtual PDF Printer failed to initialize because a suitable
Virtual PDF Printer driver could not be found.

Error - 5/6/2010 2:30:10 PM | Computer Name = OWNER-84J1T8A8N | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >


#2
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
» Step 1«
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Processes 
    
    
    :Services
    
    
    :OTL
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (Reg Error: Key error.)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (Reg Error: Key error.)
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (Reg Error: Key error.)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://remote.dteenergy.com/,DanaInfo=dtel...o.com+dwa7W.cab (Reg Error: Key error.)
    
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

» Step 2«
ComboFix
Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
polling

    Member

  • Topic Starter
  • 303 posts
Thanks azarl

When I open Microsoft Word I get this on the 1st page: Alienl dhgfdrhjrj

Don't know what it is, but that word is always on the 1st page and I can't delete it.


Here are my logs

ComboFix

ComboFix 10-05-16.06 - Frank 05/18/2010 11:39:12.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.105 [GMT -4:00]
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Frank\Recent\AAAA Package of Most Needed Typeable Forms Required To Purchase Real Estate.pdf.url
c:\program files\eMule\lang\ar_AE.dll
c:\program files\eMule\lang\ba_BA.dll
c:\program files\eMule\lang\bg_BG.dll
c:\program files\eMule\lang\ca_ES.dll
c:\program files\eMule\lang\cz_CZ.dll
c:\program files\eMule\lang\da_DK.dll
c:\program files\eMule\lang\de_DE.dll
c:\program files\eMule\lang\el_GR.dll
c:\program files\eMule\lang\es_AS.dll
c:\program files\eMule\lang\es_ES_T.dll
c:\program files\eMule\lang\et_EE.dll
c:\program files\eMule\lang\fa_IR.dll
c:\program files\eMule\lang\fi_FI.dll
c:\program files\eMule\lang\fr_BR.dll
c:\program files\eMule\lang\fr_FR.dll
c:\program files\eMule\lang\gl_ES.dll
c:\program files\eMule\lang\he_IL.dll
c:\program files\eMule\lang\hu_HU.dll
c:\program files\eMule\lang\it_IT.dll
c:\program files\eMule\lang\jp_JP.dll
c:\program files\eMule\lang\ko_KR.dll
c:\program files\eMule\lang\lt_LT.dll
c:\program files\eMule\lang\lv_LV.dll
c:\program files\eMule\lang\mt_MT.dll
c:\program files\eMule\lang\nb_NO.dll
c:\program files\eMule\lang\nl_NL.dll
c:\program files\eMule\lang\nn_NO.dll
c:\program files\eMule\lang\pl_PL.dll
c:\program files\eMule\lang\pt_BR.dll
c:\program files\eMule\lang\pt_PT.dll
c:\program files\eMule\lang\ro_RO.dll
c:\program files\eMule\lang\ru_RU.dll
c:\program files\eMule\lang\sl_SI.dll
c:\program files\eMule\lang\sq_AL.dll
c:\program files\eMule\lang\sv_SE.dll
c:\program files\eMule\lang\tr_TR.dll
c:\program files\eMule\lang\ua_UA.dll
c:\program files\eMule\lang\ug_CN.dll
c:\program files\eMule\lang\va_ES.dll
c:\program files\eMule\lang\va_ES_RACV.dll
c:\program files\eMule\lang\vi_VN.dll
c:\program files\eMule\lang\zh_CN.dll
c:\program files\eMule\lang\zh_TW.dll
c:\windows\system32\hack
c:\windows\system32\hack\OEMLINK\OEM1.reg
c:\windows\system32\hack\OEMLINK\OEM2.reg
c:\windows\system32\hack\OEMLINK\OEM3.reg

.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 15:16 . 2010-05-18 15:16 -------- d-----w- C:\_OTL
2010-05-10 18:38 . 2010-05-10 18:38 -------- d-----w- c:\documents and settings\Danyelle\Application Data\HP
2010-05-07 04:24 . 2010-05-07 04:35 23110 ----a-w- c:\windows\hpqins15.dat
2010-05-07 04:19 . 2010-05-14 11:23 -------- d-----w- c:\documents and settings\Frank\Application Data\HpUpdate
2010-05-07 04:18 . 2010-05-07 04:18 -------- d-----w- c:\windows\Hewlett-Packard
2010-05-06 03:02 . 2010-05-17 18:35 -------- d-----w- c:\documents and settings\Frank\Application Data\HPAppData
2010-05-06 02:57 . 2010-05-06 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-05-06 02:45 . 2010-05-06 02:45 -------- d-----w- c:\program files\Common Files\HP
2010-05-06 02:45 . 2010-05-06 02:45 -------- d-----w- c:\windows\hpoj4500g510g-m
2010-05-06 02:22 . 2010-05-06 22:53 204517 ----a-w- c:\windows\hpwins26.dat
2010-05-06 02:22 . 2009-08-18 06:31 370 ------w- c:\windows\hpwmdl26.dat
2010-04-29 14:22 . 2010-04-29 14:22 -------- d-----w- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 15:37 . 2008-04-28 02:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-18 15:23 . 2009-07-21 03:13 256 ----a-w- c:\windows\system32\pool.bin
2010-05-18 15:19 . 2008-05-11 04:11 18551712 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-05-17 20:51 . 2009-12-01 20:50 -------- d-----w- c:\program files\BBSAK
2010-05-16 02:25 . 2010-05-16 02:25 26694 ----a-r- c:\documents and settings\Frank\Application Data\Microsoft\Installer\{10FD7666-5D97-4677-8181-AFCD08260043}\BlackBerry.exe
2010-05-16 02:24 . 2009-07-21 03:09 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-15 22:31 . 2010-05-15 22:32 2126848 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-05-14 11:23 . 2008-04-28 02:50 -------- d-----w- c:\program files\HP
2010-05-14 03:35 . 2010-05-14 11:08 2115584 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-05-13 23:21 . 2008-12-06 17:47 -------- d-----w- c:\documents and settings\Danyelle\Application Data\Skype
2010-05-07 21:42 . 2010-05-06 02:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-06 05:56 . 2010-05-06 13:39 2078720 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-05-06 03:01 . 2008-04-27 02:00 55888 ----a-w- c:\documents and settings\Frank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 03:00 . 2010-05-06 02:56 -------- d-----w- c:\documents and settings\Frank\Application Data\HP
2010-05-06 02:56 . 2010-05-06 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-06 02:49 . 2010-05-06 02:49 -------- d-----w- c:\documents and settings\Frank\Application Data\Yahoo!
2010-05-06 02:49 . 2008-04-28 01:57 -------- d-----w- c:\program files\Yahoo!
2010-05-06 02:47 . 2010-05-06 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-05-06 02:13 . 2010-05-06 02:14 2045440 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-05-04 16:59 . 2010-05-04 17:00 2038784 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-05-03 15:33 . 2009-12-22 13:40 117760 ----a-w- c:\documents and settings\Frank\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-03 15:21 . 2009-12-24 21:53 -------- d-----w- c:\program files\Panda Security
2010-05-03 15:19 . 2008-11-09 05:42 -------- d-----w- c:\program files\ABC Amber Palm Converter
2010-05-03 15:18 . 2009-11-25 07:06 -------- d-----w- c:\program files\ABC Amber LIT Converter
2010-05-03 15:08 . 2008-04-28 23:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-03 15:08 . 2009-05-08 01:12 -------- d-----w- c:\program files\SpywareBlaster
2010-05-03 14:32 . 2008-04-28 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 00:46 . 2010-05-03 05:43 2027008 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-04-29 19:39 . 2008-11-11 20:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-11 20:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 14:21 . 2009-11-19 17:53 -------- d-----w- c:\program files\QuickTime
2010-04-26 13:54 . 2010-04-26 14:23 2025472 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-12 21:26 . 2008-04-28 01:08 -------- d-----w- c:\program files\eMule
2010-04-09 22:18 . 2010-02-18 22:28 790 ----a-r- c:\documents and settings\Frank\Application Data\Microsoft\Installer\{D8A0FF03-2D4A-4FDF-A0FA-EEF21E21BCA5}\_6FEFF9B68218417F98F549.exe
2010-04-09 22:18 . 2010-02-18 22:28 790 ----a-r- c:\documents and settings\Frank\Application Data\Microsoft\Installer\{D8A0FF03-2D4A-4FDF-A0FA-EEF21E21BCA5}\_608AEDF8321FADB5B9E518.exe
2010-04-09 22:18 . 2010-02-18 22:28 790 ----a-r- c:\documents and settings\Frank\Application Data\Microsoft\Installer\{D8A0FF03-2D4A-4FDF-A0FA-EEF21E21BCA5}\_014496BAEC9A203B29BB21.exe
2010-04-04 17:07 . 2008-04-28 15:00 -------- d-----w- c:\documents and settings\Frank\Application Data\Vso
2010-04-02 14:21 . 2010-03-31 15:44 -------- d-----w- c:\documents and settings\Frank\Application Data\QuickScan
2010-03-31 17:55 . 2008-04-28 01:06 -------- d-----w- c:\program files\Opera
2010-03-31 17:50 . 2008-05-03 17:13 -------- d-----w- c:\program files\Free FLV Converter
2010-03-31 16:00 . 2010-03-31 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-03-29 02:50 . 2009-08-05 02:54 -------- d-----w- c:\documents and settings\Frank\Application Data\Azureus
2010-03-29 02:50 . 2009-11-23 00:11 -------- d-----w- c:\program files\Any Video Converter
2010-03-26 14:33 . 2010-05-03 22:17 1496064 ----a-w- c:\documents and settings\Danyelle\Application Data\Mozilla\Firefox\Profiles\drxwm63f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-14 20:24 1496064 ----a-w- c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-05-03 22:17 43008 ----a-w- c:\documents and settings\Danyelle\Application Data\Mozilla\Firefox\Profiles\drxwm63f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-05-03 22:17 339456 ----a-w- c:\documents and settings\Danyelle\Application Data\Mozilla\Firefox\Profiles\drxwm63f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:33 . 2010-04-14 20:24 43008 ----a-w- c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-14 20:24 339456 ----a-w- c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-05-03 22:17 346112 ----a-w- c:\documents and settings\Danyelle\Application Data\Mozilla\Firefox\Profiles\drxwm63f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-26 14:32 . 2010-04-14 20:24 346112 ----a-w- c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-10 06:15 . 2002-02-27 04:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-02-07 08:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-05-01 17:39 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-03-04 2904064]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-04 46080]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2003-06-04 15:01 496640 ----a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-12-18 07:40 1241138 ----a-w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-10 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-12 19:18 135168 ----a-w- c:\program files\eMachines Bay Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"nwiz"=nwiz.exe /install
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 5:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 5:26 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/11/2010 8:34 PM 108289]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 5:27 PM 7408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/15/2008 9:23 PM 648952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-27 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-07 13:50]

2008-05-07 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-05-07 13:50]

2008-05-31 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-05-31 13:50]

2010-05-14 c:\windows\Tasks\WebReg HP Officejet 4500 G510g-m.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-22 00:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {0EB836F3-6809-4465-A1D9-8D1FD8E2E9AE} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rlz=1R0GGGL_en
FF - component: c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\program\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 11:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-18 11:53:46
ComboFix-quarantined-files.txt 2010-05-18 15:53

Pre-Run: 43,664,314,368 bytes free
Post-Run: 43,611,467,776 bytes free

- - End Of File - - 268940A94B87322AD88FE34EB100F22F




OTL


OTL logfile created on: 5/18/2010 11:26:21 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 88.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 40.76 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-84J1T8A8N
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 14:52:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/01/07 15:47:02 | 000,440,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2003/12/18 03:39:40 | 000,802,868 | ---- | M] (AHEAD Software) -- C:\Program Files\Ahead\InCD\incdsrv.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 14:52:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/01/25 11:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2003/12/18 03:39:40 | 000,802,868 | ---- | M] (AHEAD Software) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2010/01/12 19:13:58 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/16 17:27:00 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 17:26:58 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 17:26:56 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/09/15 21:23:07 | 000,648,952 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/06/09 16:12:08 | 000,018,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/30 15:18:37 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/05/25 15:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/03/23 11:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/23 11:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/04 10:29:00 | 001,893,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/12/18 03:43:10 | 000,028,752 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/12/18 03:42:46 | 000,091,712 | ---- | M] (Ahead Software) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/11/14 18:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/16 19:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/31 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2003/03/31 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2003/03/31 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2003/03/31 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2003/03/31 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2003/03/31 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2003/03/31 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2003/03/31 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2003/03/31 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2003/03/31 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2003/03/31 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2003/03/31 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2003/03/31 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2003/03/31 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2003/03/31 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/03/20 15:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...rlz=1R0GGGL_en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07075003
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/07 00:27:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 01:18:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 09:00:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/11/19 13:55:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/04/14 09:00:58 | 000,000,000 | ---D | M]

[2008/06/17 12:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Extensions
[2010/05/18 10:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions
[2008/06/19 00:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/14 16:24:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/14 23:35:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/03/17 10:33:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/01/21 16:27:24 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/04/15 13:47:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/01 16:31:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/29 14:56:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/03/08 19:24:33 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2009/06/20 13:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\bettergmail2@ginatrapani(2).org
[2009/11/20 19:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2010/03/20 23:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2008/05/14 21:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2010/04/13 10:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\[email protected]
[2010/03/20 23:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\68qqnpr9.default\extensions\SkipScreen@SkipScreen
[2010/05/18 10:58:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/05/14 14:35:49 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/01/13 03:36:36 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1209253097281 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Frank\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 22:28:21 | 000,000,782 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/05/01 13:54:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/18 11:16:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/17 16:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\OS6 Cods and jads
[2010/05/12 12:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\HUbbell
[2010/05/07 00:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\HpUpdate
[2010/05/07 00:18:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/05/06 14:52:53 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2010/05/05 23:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\HPAppData
[2010/05/05 22:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/05/05 22:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\HP
[2010/05/05 22:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/05 22:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\Yahoo!
[2010/05/05 22:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/05/05 22:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/05/05 22:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/05 22:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpoj4500g510g-m
[2010/04/29 10:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/21 16:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Warren Files
[2010/03/31 13:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Unused Desktop Shortcuts
[2010/03/31 12:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/03/31 11:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\QuickScan
[2010/03/29 10:54:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Frank\Recent
[2010/03/28 00:19:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/26 19:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\Pics of Les Work
[2010/03/24 15:24:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Desktop\12 House Pics
[2010/03/03 00:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\My Documents\PDF-TIFF-Tools.com
[2010/03/03 00:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Local Settings\Application Data\PDF-TIFF-Tools.com
[2010/03/02 23:59:39 | 001,746,864 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.Unicode.v11.2.0.ocx
[2010/03/02 23:59:39 | 000,665,600 | ---- | C] (Alientools Software) -- C:\WINDOWS\System32\pdfgenx.ocx
[2010/03/02 23:59:39 | 000,518,064 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.Unicode.v11.2.0.ocx
[2010/02/24 20:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Frank\Application Data\AnvSoft
[2010/02/18 18:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hudisoft
[2008/08/22 03:37:22 | 000,096,768 | ---- | C] ( ) -- C:\WINDOWS\System32\libsndfile.dll

========== Files - Modified Within 90 Days ==========

[2010/05/18 11:24:33 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/18 11:23:30 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/18 11:20:59 | 000,003,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/18 11:19:42 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/18 11:19:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 11:19:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 11:19:03 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/18 11:09:57 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Microsoft Word.lnk
[2010/05/17 16:51:05 | 000,002,201 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BBSAK.lnk
[2010/05/17 16:43:51 | 000,720,073 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\ww9700OS_6.zip
[2010/05/17 15:32:13 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Rosemary P A.doc
[2010/05/17 15:31:53 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Fielding P A.doc
[2010/05/17 15:28:34 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Gilchrist P A.doc
[2010/05/17 15:25:15 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Prest P A.doc
[2010/05/17 15:24:16 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Nottingham P A.doc
[2010/05/17 15:21:59 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\End Bulk.doc
[2010/05/17 00:03:11 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Frank\ntuser.dat
[2010/05/17 00:01:56 | 020,754,640 | -H-- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\IconCache.db
[2010/05/16 23:56:19 | 000,154,624 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/16 00:19:43 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\pool.bin
[2010/05/14 12:56:00 | 001,912,477 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\AAAA Package of Most Needed Typeable Forms Required To Purchase Real Estate.pdf
[2010/05/14 12:52:32 | 001,580,349 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Multiple Docs .pdf
[2010/05/14 12:51:11 | 001,043,307 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Multiple_Offer_Docs_Page2-converted.pdf
[2010/05/14 12:48:58 | 000,537,891 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Multiple_Offer_Docs_1-converted.pdf
[2010/05/13 22:57:15 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Officejet 4500 G510g-m.job
[2010/05/13 09:27:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/12 13:53:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Part 1.wps
[2010/05/12 13:53:01 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Master.wps
[2010/05/12 13:23:23 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Image Shrinker.lnk
[2010/05/11 11:32:10 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Suburban Group.wps
[2010/05/10 23:04:26 | 007,213,150 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Backup-(2010-05-10).ipd
[2010/05/10 18:19:15 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Part 2.wps
[2010/05/07 15:01:27 | 000,173,216 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\vnbbKG_v12.zip
[2010/05/07 00:35:58 | 000,023,110 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/05/06 20:10:44 | 012,980,736 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Suburban Package Flyer 1-10-09.doc
[2010/05/06 19:41:20 | 012,245,504 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Buyer Flyer 12-14-08.doc
[2010/05/06 18:53:47 | 000,204,517 | ---- | M] () -- C:\WINDOWS\hpwins26.dat
[2010/05/06 18:48:01 | 000,001,040 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/06 14:52:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Frank\Desktop\OTL.exe
[2010/05/06 13:55:44 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\gmer.zip
[2010/05/06 13:46:35 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\B.doc
[2010/05/06 13:45:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\housecall.guid.cache
[2010/05/06 09:39:28 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/05 23:01:01 | 000,055,888 | ---- | M] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/05 22:56:22 | 000,205,972 | ---- | M] () -- C:\WINDOWS\hpwins26.dat.temp
[2010/05/05 22:47:13 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/05/05 22:46:25 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/04 23:09:11 | 007,115,493 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Backup-(2010-05-04).ipd
[2010/05/04 22:23:21 | 007,115,493 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-05-04).ipd
[2010/05/04 15:33:14 | 007,036,433 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\LoaderBackup-(2010-05-04).ipd
[2010/05/04 13:14:36 | 002,132,660 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Articles Of Inc .pdf
[2010/05/03 11:06:11 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\SpywareBlaster.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 09:49:30 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2010/04/26 15:17:33 | 000,680,817 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\1st_Alliance_Wiring_Instructions.pdf
[2010/04/26 14:09:58 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Wire Instructions - FAI.doc
[2010/04/21 11:15:44 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Warren P A.doc
[2010/04/19 15:09:34 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Fenmore P A.doc
[2010/04/15 14:21:15 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced Disk Cleaner.lnk
[2010/04/14 03:05:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 14:36:15 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Gratiot P A.doc
[2010/04/12 17:27:04 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eMule.lnk
[2010/04/12 10:14:57 | 000,026,073 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\11583 Nottingham HUD.pdf
[2010/04/05 13:29:21 | 000,039,156 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\list_of_available_Michigan_properties_march-8.pdf
[2010/04/04 13:07:50 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Frank\Application Data\vso_ts_preview.xml
[2010/04/02 10:48:28 | 004,815,276 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Nottingham PA.pdf
[2010/03/31 16:11:01 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/30 17:59:34 | 000,985,839 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Nottingham.jpg
[2010/03/28 22:37:12 | 000,027,296 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\cc_20100328_223641.reg
[2010/03/27 09:07:30 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/27 09:07:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/26 19:40:16 | 000,034,289 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Rosemont.jpg
[2010/03/26 13:46:11 | 011,022,669 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-03-26).ipd
[2010/03/20 02:56:31 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\12 HOME FLYER.doc
[2010/03/14 19:55:48 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 19:55:48 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 19:55:41 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/08 04:00:56 | 000,058,196 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\cc_20100308_030047.reg
[2010/03/04 17:42:09 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Mobipocket Reader.lnk
[2010/02/24 20:18:54 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\Frank\Desktop\Any Video Converter.lnk
[2010/02/21 00:56:16 | 000,729,088 | ---- | M] () -- C:\Documents and Settings\Frank\My Documents\Detroit Package Flyer 1-10-09.doc

========== Files Created - No Company Name ==========

[2010/05/17 16:43:33 | 000,720,073 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\ww9700OS_6.zip
[2010/05/15 19:16:41 | 000,002,201 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BBSAK.lnk
[2010/05/14 12:52:18 | 001,580,349 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Multiple Docs .pdf
[2010/05/14 12:50:44 | 001,043,307 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Multiple_Offer_Docs_Page2-converted.pdf
[2010/05/14 12:48:22 | 000,537,891 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Multiple_Offer_Docs_1-converted.pdf
[2010/05/13 22:57:13 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Officejet 4500 G510g-m.job
[2010/05/11 14:17:49 | 001,912,477 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\AAAA Package of Most Needed Typeable Forms Required To Purchase Real Estate.pdf
[2010/05/10 23:04:26 | 007,213,150 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\Backup-(2010-05-10).ipd
[2010/05/07 15:00:57 | 000,173,216 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\vnbbKG_v12.zip
[2010/05/07 00:24:33 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/05/06 13:54:56 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\gmer.zip
[2010/05/06 13:46:32 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\B.doc
[2010/05/06 13:45:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Frank\Local Settings\Application Data\housecall.guid.cache
[2010/05/05 22:47:13 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/05/05 22:46:25 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/05 22:39:12 | 000,205,972 | ---- | C] () -- C:\WINDOWS\hpwins26.dat.temp
[2010/05/05 22:39:11 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2010/05/05 22:22:02 | 000,204,517 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2010/05/05 22:22:02 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2010/05/04 23:09:11 | 007,115,493 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\Backup-(2010-05-04).ipd
[2010/05/04 22:23:21 | 007,115,493 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-05-04).ipd
[2010/05/04 15:33:14 | 007,036,433 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\LoaderBackup-(2010-05-04).ipd
[2010/05/04 13:14:25 | 002,132,660 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Articles Of Inc .pdf
[2010/04/26 15:17:21 | 000,680,817 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\1st_Alliance_Wiring_Instructions.pdf
[2010/04/26 12:19:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\Wire Instructions - FAI.doc
[2010/04/21 10:59:31 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Warren P A.doc
[2010/04/19 15:06:38 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Fenmore P A.doc
[2010/04/13 14:36:14 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Gratiot P A.doc
[2010/04/12 10:14:03 | 000,026,073 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\11583 Nottingham HUD.pdf
[2010/04/09 18:18:11 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Image Shrinker.lnk
[2010/04/05 13:29:18 | 000,039,156 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\list_of_available_Michigan_properties_march-8.pdf
[2010/03/31 13:08:43 | 004,815,276 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Nottingham PA.pdf
[2010/03/31 09:59:19 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/30 21:58:23 | 000,985,839 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Nottingham.jpg
[2010/03/30 17:53:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Nottingham P A.doc
[2010/03/28 22:36:44 | 000,027,296 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\cc_20100328_223641.reg
[2010/03/27 09:07:29 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
[2010/03/27 09:07:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/03/26 19:40:15 | 000,034,289 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Rosemont.jpg
[2010/03/26 13:46:11 | 011,022,669 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\AutoBackup-(2010-03-26).ipd
[2010/03/20 02:54:46 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\12 HOME FLYER.doc
[2010/03/08 04:00:50 | 000,058,196 | ---- | C] () -- C:\Documents and Settings\Frank\My Documents\cc_20100308_030047.reg
[2010/03/02 16:03:52 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Frank\Desktop\Rosemary P A.doc
[2010/01/12 16:47:10 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2010/01/12 16:47:10 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2010/01/12 16:47:07 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2010/01/12 16:47:07 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2010/01/12 16:46:17 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2009/10/12 01:59:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI
[2009/10/01 11:51:38 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/01 11:51:38 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/23 11:59:46 | 000,002,585 | ---- | C] () -- C:\WINDOWS\CD_SearchHistory.INI
[2009/09/16 19:00:33 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/08 19:01:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/03 20:17:46 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/07/22 15:58:36 | 000,000,361 | ---- | C] () -- C:\WINDOWS\MP3trtg.ini
[2009/05/05 14:21:00 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/05/05 14:20:53 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/05/05 14:20:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/12 03:03:09 | 000,030,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/09/17 21:09:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Vid1Dec.dll
[2008/09/17 21:09:45 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TTL2Dec.dll
[2008/09/17 21:09:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008/09/17 21:09:44 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/09/17 21:09:44 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/09/17 21:09:44 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/09/17 21:09:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/09/17 21:09:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/09/17 21:09:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/09/17 21:09:44 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008/09/17 21:09:44 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/17 21:09:44 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008/09/17 21:09:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/09/17 21:09:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/09/17 21:09:44 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008/09/17 21:09:44 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008/09/17 21:09:44 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/09/17 21:09:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/09/17 21:09:44 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2008/09/17 21:09:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\ff_kerneldeint.dll
[2008/09/17 21:09:43 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/09/17 21:09:43 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2008/09/17 21:09:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/09/17 21:09:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\ffavisynth.dll
[2008/08/22 03:14:12 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/05/16 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VCDWizardDLL.INI
[2008/05/06 17:34:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/02 15:11:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/04/29 14:46:38 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/28 01:04:26 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/04/28 01:04:26 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/04/28 01:04:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/04/28 01:04:26 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/04/27 11:08:15 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/26 09:48:13 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/05/05 20:41:30 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/05/05 20:41:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/05/05 20:30:12 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2004/05/04 06:13:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/02 10:40:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/02 10:40:08 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/01 14:50:46 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/01 14:50:09 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/05/01 14:09:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/08/21 13:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2009/08/04 22:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/06/13 00:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2008/09/17 23:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\element5
[2010/03/31 12:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2008/04/30 15:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/12/01 02:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/03 11:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/30 20:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2004/05/07 18:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/30 20:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft
[2008/08/24 18:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/02/08 23:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/05/15 00:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\ACD Systems
[2010/02/24 20:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AnvSoft
[2010/02/24 20:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Any Video Converter
[2008/09/15 21:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AquaSoft
[2009/06/17 23:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Auslogics
[2008/06/13 20:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\AVSMedia
[2010/03/28 22:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Azureus
[2009/10/09 19:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Blackberry Desktop
[2008/11/19 00:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/15 21:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\DiashowManager
[2009/11/27 04:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Didiom
[2010/01/12 17:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\FreeVideoConverter
[2009/01/26 23:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\GrabPro
[2008/04/30 15:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\HotSync
[2008/09/18 18:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Frank\Application Data\IFBuilder
[2008/09/20 13:50:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Frank\Application Data\InAlbumTemp
[2009/08/04 14:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mobipocket
[2008/11/15 14:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Mobipocket Reader
[2008/08/22 05:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Netscape
[2008/04/27 21:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Opera
[2009/01/27 00:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Orbit
[2009/09/08 19:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Panasonic
[2008/09/18 18:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Photodex
[2010/04/02 10:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\QuickScan
[2009/08/20 11:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Research In Motion
[2008/05/02 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Template
[2008/09/12 12:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Thunderbird
[2008/05/30 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Uniblue
[2010/04/04 13:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Vso
[2008/06/10 02:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\W Photo Studio
[2008/05/13 14:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\W Photo Studio Viewer
[2008/05/13 14:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Frank\Application Data\Walgreens
[2010/04/27 09:49:30 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/05/07 02:54:10 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2008/05/30 20:43:37 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Whitcomb Instructions.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Suburban Package Flyer 1-10-09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\scan 3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Sample Fax Sheet Investments Prop.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\QUIT CLAIM DEED.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\proof_of_funds.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Probate Letter.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Please Sign Addendum Sheet and Fax It Back to.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\mvbprop.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Mill Race addCA).pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\January for Sale.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Inverness QCD.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\GTA Walthru.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Document1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Doc2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Detroit TMV list Taxes inc.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Detroit Package Flyer 1-10-09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Detroit Bulk Sale 3 6-2-09.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\CASHDEALSINVAUG18.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Buyer Flyer 12-14-08.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\Buyer Flyer 1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\BEAUTIFUL 6.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\8324 Chalfont.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Frank\My Documents\539081644.pdf:Roxio EMC Stream
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B4F37E5
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17F5FD45
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70B9C530
< End of report >

#4
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
OTL
  • Run OTL again, setting
    • Processes - None
    • Modules - None
    • Services - None
    • Drivers - None
    • Standard Registry - None
    • Extra Registry - None
    • Files Created Within - None
    • Files Modified Within - None
  • Under the Custom Scan box paste this in:


    /md5start
    vbscript.dll
    wininet.dll
    mrxsmb.sys
    /md5stop

  • Click the Run Scan button. The scan won't take long.
When the scan completes, it will open OTL.Txt. Please copy (Edit->Select All, Edit->Copy) the contents of this file, and paste into your reply.

#5
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
OTL logfile created on: 5/18/2010 3:02:19 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Frank\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 242.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 40.62 Gb Free Space | 27.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-84J1T8A8N
Current User Name: Frank
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: MRXSMB.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
[2008/04/26 21:40:11 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2008/08/11 21:43:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:mrxsmb.sys
[2008/04/26 21:40:11 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
[2008/08/11 21:43:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/05/05 05:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2004/08/04 02:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
[2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2009/12/04 13:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 07:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 07:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 06:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2004/10/27 21:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2004/10/27 21:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

< MD5 for: VBSCRIPT.DLL >
[2010/03/10 02:18:09 | 000,420,352 | ---- | M] (Microsoft Corporation) MD5=18A9F161A87C7037172CC2978C71317A -- C:\WINDOWS\$hf_mig$\KB981332-IE8\SP3QFE\vbscript.dll
[2008/04/13 20:12:08 | 000,434,176 | ---- | M] (Microsoft Corporation) MD5=66810D8E8315F9B5B5CB47ED5656CA3A -- C:\WINDOWS\$NtUninstallKB951978$\vbscript.dll
[2008/04/13 20:12:08 | 000,434,176 | ---- | M] (Microsoft Corporation) MD5=66810D8E8315F9B5B5CB47ED5656CA3A -- C:\WINDOWS\ServicePackFiles\i386\vbscript.dll
[2009/03/08 04:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation) MD5=7CC3C8FC1056A229B05926C44D1ADEE4 -- C:\WINDOWS\ie8updates\KB981332-IE8\vbscript.dll
[2004/08/04 03:56:46 | 000,417,792 | ---- | M] (Microsoft Corporation) MD5=803E6CD42BA49F72A67381EDA487B1F6 -- C:\WINDOWS\ie7\vbscript.dll
[2007/12/18 10:32:13 | 000,417,792 | ---- | M] (Microsoft Corporation) MD5=A5A6F6AF0FC46AF95524EA7DCEFBCE7B -- C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) MD5=A942038C472CDF1C1EAAE7E8300B9319 -- C:\WINDOWS\system32\dllcache\vbscript.dll
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) MD5=A942038C472CDF1C1EAAE7E8300B9319 -- C:\WINDOWS\system32\vbscript.dll
[2008/05/09 06:53:40 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=C4EFFBE602CE2ADC047AF5CC1F858707 -- C:\WINDOWS\ie8\vbscript.dll
[2007/08/13 18:54:10 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=ED0297985167A42761B01B1A3025424F -- C:\WINDOWS\$NtServicePackUninstall$\vbscript.dll
[2008/05/09 06:45:16 | 000,430,080 | ---- | M] (Microsoft Corporation) MD5=EE6CE227093D207794921619296B40B9 -- C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll

< MD5 for: WININET.DLL >
[2008/12/20 19:56:00 | 000,827,904 | ---- | M] (Microsoft Corporation) MD5=044E0A4E9FE97C0FB9AFE9C89E2A82E6 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[2008/02/16 04:59:39 | 000,659,456 | ---- | M] (Microsoft Corporation) MD5=0C690E77C0E924C45B4D7045B182FFF1 -- C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\sp2gdr\wininet.dll
[2008/10/16 16:24:11 | 000,827,904 | ---- | M] (Microsoft Corporation) MD5=0D5B75171FF51775B630A431B6C667E8 -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[2009/03/02 20:18:25 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=28775945CCD53DEE280EF58DEA1A94C4 -- C:\WINDOWS\ie7updates\KB969897-IE7\wininet.dll
[2009/05/13 01:15:55 | 000,915,456 | ---- | M] (Microsoft Corporation) MD5=366C72AF6970DB7BB39AB0142BF09DB5 -- C:\WINDOWS\ie8updates\KB972260-IE8\wininet.dll
[2009/05/13 01:15:55 | 000,915,456 | ---- | M] (Microsoft Corporation) MD5=366C72AF6970DB7BB39AB0142BF09DB5 -- C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[2009/07/03 13:06:51 | 000,915,456 | ---- | M] (Microsoft Corporation) MD5=38114DAB42FB2EB84D1726C42B8D80C5 -- C:\WINDOWS\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[2008/04/22 23:35:36 | 000,827,392 | ---- | M] (Microsoft Corporation) MD5=41546B396A526918DA7995A02EA04E51 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[2010/02/25 02:19:44 | 000,919,040 | ---- | M] (Microsoft Corporation) MD5=4458D59F2B0369F4D3B137541D284041 -- C:\WINDOWS\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[2009/12/21 15:09:28 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=5E1F666B8955FD77E65D65C4C4D882A3 -- C:\WINDOWS\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[2009/04/29 00:49:30 | 000,828,928 | ---- | M] (Microsoft Corporation) MD5=62CCA075F44015147B8971DAFFBCFF76 -- C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[2008/03/01 09:03:02 | 000,827,392 | ---- | M] (Microsoft Corporation) MD5=6316C2F0C61271C8ABDFF7429174879E -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[2008/03/01 09:03:02 | 000,827,392 | ---- | M] (Microsoft Corporation) MD5=6316C2F0C61271C8ABDFF7429174879E -- C:\WINDOWS\SoftwareDistribution\Download\4dcb1f965c037cafb3a5ed4c71a998b8\SP2QFE\wininet.dll
[2008/10/16 16:38:40 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=6741EAF7B7F110E803A6E38F6E5FA6B0 -- C:\WINDOWS\ie7updates\KB961260-IE7\wininet.dll
[2009/10/29 03:45:45 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=6AF52998B90F72FF2325D84D90EDA1CC -- C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[2009/03/08 04:34:58 | 000,914,944 | ---- | M] (Microsoft Corporation) MD5=6CE32F7778061CCC5814D5E0F282D369 -- C:\WINDOWS\ie8updates\KB969897-IE8\wininet.dll
[2009/10/29 03:45:38 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=75240F6EDBCE7B85DF66874407D38A4F -- C:\WINDOWS\ie8updates\KB978207-IE8\wininet.dll
[2008/08/26 05:08:45 | 000,827,904 | ---- | M] (Microsoft Corporation) MD5=77C192FE56A70D7FA0247BA0A6201C32 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[2010/02/25 02:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=7A42CFED96CDA7F2FB1A26D1F9F65775 -- C:\WINDOWS\ERDNT\cache\wininet.dll
[2010/02/25 02:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=7A42CFED96CDA7F2FB1A26D1F9F65775 -- C:\WINDOWS\system32\dllcache\wininet.dll
[2010/02/25 02:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=7A42CFED96CDA7F2FB1A26D1F9F65775 -- C:\WINDOWS\system32\wininet.dll
[2008/04/13 20:12:08 | 000,666,112 | ---- | M] (Microsoft Corporation) MD5=7A4F775ABB2F1C97DEF3E73AFA2FAEDD -- C:\WINDOWS\ServicePackFiles\i386\wininet.dll
[2009/07/03 13:09:28 | 000,915,456 | ---- | M] (Microsoft Corporation) MD5=7E8A47A2E6561274B83E257CE74803FD -- C:\WINDOWS\ie8updates\KB974455-IE8\wininet.dll
[2007/12/06 22:21:48 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=806D274C9A6C3AAEA5EAE8E4AF841E04 -- C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
[2007/12/06 22:21:48 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=806D274C9A6C3AAEA5EAE8E4AF841E04 -- C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\wininet.dll
[2008/06/23 12:57:41 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=8C13D4A7479FA0A026EDA8ABCE82C0ED -- C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
[2009/04/29 00:56:02 | 000,827,392 | ---- | M] (Microsoft Corporation) MD5=8E2D471157B0DF329D8D0EA5D83B0DDB -- C:\WINDOWS\ie8\wininet.dll
[2009/08/29 04:01:44 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=972B226BDAD71C55F3CC9A72BBF8F1C1 -- C:\WINDOWS\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[2007/08/13 18:54:10 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=A4A0FC92358F39538A6494C42EF99FE9 -- C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
[2008/12/20 19:15:41 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=A82935D32D0672E8FF4E91AE398E901C -- C:\WINDOWS\ie7updates\KB963027-IE7\wininet.dll
[2008/03/01 09:06:31 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=AD21461AEF8244EDEC2EF18E55E1DCF3 -- C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
[2008/03/01 09:06:31 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=AD21461AEF8244EDEC2EF18E55E1DCF3 -- C:\WINDOWS\SoftwareDistribution\Download\4dcb1f965c037cafb3a5ed4c71a998b8\SP2GDR\wininet.dll
[2007/12/06 22:01:13 | 000,825,344 | ---- | M] (Microsoft Corporation) MD5=B5B411BB229AE6EAD7652A32ED47BFB9 -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[2007/12/06 22:01:13 | 000,825,344 | ---- | M] (Microsoft Corporation) MD5=B5B411BB229AE6EAD7652A32ED47BFB9 -- C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\wininet.dll
[2008/02/16 05:32:09 | 000,666,112 | ---- | M] (Microsoft Corporation) MD5=BB1EACD6AB47E78EBCA02EB781550D55 -- C:\WINDOWS\SoftwareDistribution\Download\4f34fed83363df83031761e8fceb73ae\sp2qfe\wininet.dll
[2004/08/04 03:56:46 | 000,656,384 | ---- | M] (Microsoft Corporation) MD5=C0823FC5469663BA63E7DB88F9919D70 -- C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
[2004/08/04 03:56:46 | 000,656,384 | ---- | M] (Microsoft Corporation) MD5=C0823FC5469663BA63E7DB88F9919D70 -- C:\WINDOWS\ie7\wininet.dll
[2009/05/13 01:10:01 | 000,915,456 | ---- | M] (Microsoft Corporation) MD5=C0EB6850C8A02A154281749DC61FAF22 -- C:\WINDOWS\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[2009/05/13 01:10:01 | 000,915,456 | ---- | M] (Microsoft Corporation) MD5=C0EB6850C8A02A154281749DC61FAF22 -- C:\WINDOWS\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[2008/06/23 12:01:51 | 000,827,904 | ---- | M] (Microsoft Corporation) MD5=C66402A06B83B036C195242C0C8CF83C -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[2009/03/02 20:17:40 | 000,828,416 | ---- | M] (Microsoft Corporation) MD5=C8667854873938CA13C986F16B0CD183 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[2009/08/29 04:08:21 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=CF0A5FE05BF614C24950D8FAEC1BC309 -- C:\WINDOWS\ie8updates\KB976325-IE8\wininet.dll
[2008/08/26 03:24:31 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=EF8EBA98145BFA44E80D17A3B3453300 -- C:\WINDOWS\ie7updates\KB958215-IE7\wininet.dll
[2008/04/23 00:16:29 | 000,826,368 | ---- | M] (Microsoft Corporation) MD5=F6589BE784647CFDBC22EA51CCB1A57A -- C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
[2009/12/21 15:14:05 | 000,916,480 | ---- | M] (Microsoft Corporation) MD5=FF4241C74E0C0A5AFFFE05F584213ECB -- C:\WINDOWS\ie8updates\KB980182-IE8\wininet.dll
< End of report >

#6
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
  • Please download WVCheck by Artellos from one of the mirrors below:

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


#7
polling

    Member

  • Topic Starter
  • Member
  • 303 posts
Windows Validation Check
Log Created On: 1030_19-05-2010
------------------------

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
------------------------------
Last Success Time for Update Detection: 2010-05-19 14:01:54
Last Success Time for Update Download: 2010-05-12 09:44:55
Last Success Time for Update Installation: 2010-05-13 07:04:43


WVCheck's File Dump
-------------------
WVCheck found no files.


WVCheck's Missing File Check
-------------------
WVCheck found no missing files.


WVCheck's HOSTS File Check
-------------------
WVCheck found no bad lines in the hosts file.


-------- End of File, program close at 1033_19-05-2010 --------

#8
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
System File Checker
  • Click Start > Run and type cmd {enter}
  • Type SFC /scannow (Note the space between the c and the /)
    • You may need your Windows XP CD so have it ready.
    If you have Service Pack 2 (SP2) or SP3 installed, you will need the SP2 or SP3 version of the CD.
  • Allow the scan to run and when completed, reboot the system.


#9
polling

    Member

  • Topic Starter
  • 303 posts
Does this mean I might lose my work?

The only XP disc I have is the XP System Restore Disk.

#10
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Shouldn't do. I'm not doing a restore, I just want to check if your system files are OK. If you haven't an installation disk, you can run it anyway. It will tell you if it needs it, and only if there are any problems.

#11
polling

    Member

  • Topic Starter
  • 303 posts
ok

#12
polling

    Member

  • Topic Starter
  • 303 posts
Ok

Did Scan

and Rebooted

#13
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u18-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Diallers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


#14
polling

    Member

  • Topic Starter
  • 303 posts
Ok Sorry for the delay

I updated Java

But Kaspersky Online scanner didn't finish

it goes to 9% and stalls

#15
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
We'll try a different route

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

