Hi mommagee,
I posted the logs for you. You may post your logs next time and not attach them, as they're easier to review when posted.
OTL logfile created on: 12/10/2010 2:03:32 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
958.00 Mb Total Physical Memory | 537.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1437 1600 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 165.41 Gb Free Space | 73.72% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 124.49 Mb Total Space | 71.79 Mb Free Space | 57.67% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Drive K: | 617.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 518.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/09/10 23:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/05/26 06:24:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
========== Modules (SafeList) ==========
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/05/26 06:24:04 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
========== Driver Services (SafeList) ==========
DRV - [2010/09/10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2009/06/28 14:15:42 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/27 21:23:58 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/17 15:11:08 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/17 15:11:06 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/17 15:11:04 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/10/29 20:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/29 18:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/14 01:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 21:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://yahoo.ca/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.2
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.12
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 21:27:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 21:27:06 | 000,000,000 | ---D | M]
[2009/04/19 01:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2010/10/11 18:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions
[2010/06/24 18:49:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/25 12:48:34 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
[2010/06/24 18:48:53 | 000,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/01/25 12:48:50 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/06/24 18:48:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/24 18:48:58 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/06/24 18:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/06/24 18:48:57 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/06/24 13:59:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/24 18:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/06/24 18:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/06/24 18:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\aigpd85j.default\extensions\[email protected]
[2010/10/11 18:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 14:51:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2010/01/11 11:16:18 | 000,000,789 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn...rk.cab56649.cab (StagingUI Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 13:53:34 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/09/09 20:18:32 | 000,000,189 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:18:32 | 000,011,024 | R--- | M] (Her Interactive, Inc.) - K:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:18:33 | 000,052,896 | R--- | M] (Her Interactive, Inc.) - L:\autorun2.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/09 20:05:38 | 000,000,046 | R--- | M] () - L:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{16001009-4b26-11df-b416-0013d3d9d1ea}\Shell - "" = AutoRun
O33 - MountPoints2\{16001009-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16001009-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun\command - "" = K:\autorun.exe [open][2] Setup.exe -- File not found
O33 - MountPoints2\{1600100c-4b26-11df-b416-0013d3d9d1ea}\Shell - "" = AutoRun
O33 - MountPoints2\{1600100c-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1600100c-4b26-11df-b416-0013d3d9d1ea}\Shell\AutoRun\command - "" = L:\autorun2.exe -- [2009/09/09 20:18:33 | 000,052,896 | R--- | M] (Her Interactive, Inc.)
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\VENAutoDisk1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 15:12:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
========== Files/Folders - Created Within 90 Days ==========
[2010/10/12 10:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\ComodoGroup
[2010/10/07 21:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\keyboarding pro
[2010/09/09 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\skypePM
[2010/09/09 19:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Skype
[2010/09/09 19:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/09/09 19:03:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/09/09 19:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[17 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/10/12 14:03:13 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.dat
[2010/10/12 13:51:54 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/10/12 11:54:49 | 000,071,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/12 10:25:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/12 10:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 10:24:01 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/10/12 10:23:48 | 008,599,488 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\IconCache.db
[2010/10/12 10:22:59 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/10/12 10:02:26 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CIS config
[2010/10/11 23:32:48 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/10/10 22:29:17 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/10 22:04:11 | 014,372,220 | ---- | M] () -- C:\Program Files\Skype.zip
[2010/10/09 23:30:56 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/10/09 21:37:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/09 19:27:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/10/09 19:26:14 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Ares.lnk
[2010/10/09 11:49:17 | 000,128,013 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vso_ts_preview.xml
[2010/10/09 03:04:08 | 000,532,218 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/09 03:04:08 | 000,462,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/09 03:04:08 | 000,080,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/05 23:36:22 | 000,086,528 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Schedule B2.doc
[2010/10/05 22:32:50 | 000,012,560 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35.1.docx
[2010/10/05 22:29:56 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 8 Application General.doc
[2010/10/03 07:33:56 | 000,219,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/30 22:47:10 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Log of inconsistent visits.doc
[2010/09/30 09:25:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/09/27 16:32:13 | 000,160,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FALL#2EMAILFORM.doc
[2010/09/27 16:22:30 | 000,555,679 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\KCREGFORMOCT.pdf
[2010/09/20 17:30:09 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35 question 8.doc
[2010/09/16 03:09:06 | 000,000,657 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/09/16 03:08:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/11 11:55:58 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/09 21:15:39 | 000,001,452 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\pkg_home2_02.gif
[2010/09/09 21:13:37 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FunBrain.com - The Internet's #1 Education Site for K-8 Kids and Teachers.URL
[2010/09/09 20:52:45 | 000,000,039 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/09/09 19:10:03 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 19:03:21 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 19:02:21 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to Shared Documents.lnk
[2010/09/09 18:30:52 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\support payments.xls
[2010/09/06 22:19:55 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\schedule A.doc
[2010/08/06 22:32:55 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule B.doc
[2010/08/06 22:32:51 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$rm 35 question 8.doc
[2010/07/19 11:07:54 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule A.doc
[17 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/12 10:24:49 | 000,071,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/10/12 10:22:59 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/10/12 10:02:26 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\CIS config
[2010/10/10 22:04:06 | 014,372,220 | ---- | C] () -- C:\Program Files\Skype.zip
[2010/10/09 23:31:17 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job
[2010/10/09 23:30:56 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk
[2010/09/30 22:23:21 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Log of inconsistent visits.doc
[2010/09/30 20:22:01 | 000,012,560 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35.1.docx
[2010/09/30 09:25:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/09/27 16:32:13 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FALL#2EMAILFORM.doc
[2010/09/27 16:22:30 | 000,555,679 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\KCREGFORMOCT.pdf
[2010/09/23 13:26:55 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 8 Application General.doc
[2010/09/23 13:26:54 | 000,086,528 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Schedule B2.doc
[2010/09/09 21:15:38 | 000,001,452 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\pkg_home2_02.gif
[2010/09/09 21:13:37 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\FunBrain.com - The Internet's #1 Education Site for K-8 Kids and Teachers.URL
[2010/09/09 20:52:45 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/09/09 19:10:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/09 19:03:21 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 19:02:20 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Shortcut to Shared Documents.lnk
[2010/08/11 22:34:03 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/08/06 22:32:55 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule B.doc
[2010/08/06 22:32:51 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$rm 35 question 8.doc
[2010/08/03 14:57:31 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Form 35 question 8.doc
[2010/07/19 11:07:54 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\~$hedule A.doc
[2010/07/17 20:11:10 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\schedule A.doc
[2010/06/16 22:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/06/16 21:52:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2010/05/24 00:37:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009/09/04 22:46:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ResortingToDanger.INI
[2009/07/24 17:14:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/07/03 12:04:31 | 000,000,247 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/07/03 12:02:43 | 000,001,189 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/07/02 05:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2009/06/29 14:42:27 | 000,000,151 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/06/28 15:35:00 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KeySkill.ini
[2009/06/28 15:27:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\KSMT.ini
[2009/06/28 15:25:14 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Sunburst Internet Installer.ini
[2009/06/28 14:15:41 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/03 16:57:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.8.65951.477_XP_Vista_x32.INI
[2009/02/10 23:45:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2009/02/01 20:57:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2009/01/20 00:52:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/01/16 14:45:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/08 17:24:55 | 000,090,624 | ---- | C] () -- C:\WINDOWS\System32\nwgyvpnv.dll
[2009/01/01 00:54:11 | 000,030,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/29 10:58:15 | 000,000,576 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/05/29 10:57:48 | 000,001,233 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/04/14 13:46:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2007/02/20 17:38:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.HP_Administrator.ini
[2007/01/31 16:49:17 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2007/01/27 20:40:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/01/23 10:51:47 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/01/23 10:51:37 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/23 10:43:46 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/01/23 10:42:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/11/30 14:22:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 14:01:04 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/30 13:57:11 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/30 13:57:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/30 13:54:09 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/30 13:50:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 13:46:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/30 13:46:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/30 13:46:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/30 13:46:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/30 13:46:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/30 13:46:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/30 13:39:49 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/30 13:27:55 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/30 13:24:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/11/30 13:11:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/30 13:05:38 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/30 13:05:38 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/30 13:05:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 16:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 08:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/07/26 18:51:38 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/03 05:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/03 15:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/05/15 08:21:00 | 000,448,271 | ---- | C] () -- C:\WINDOWS\System32\wmvdmoe.dll

========== LOP Check ==========
[2009/06/28 15:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/09/13 14:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/06/21 23:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/01/19 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/10/09 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/10 14:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/01/03 19:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/08/22 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/06/06 12:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/12 13:51:54 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job

========== Purity Check ==========

========== Custom Scans ==========
< MD5 for: AGP440.SYS >
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/01/12 13:23:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/05/19 10:01:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS >
[2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/10 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< c:\windows\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
< c:\windows\system32\drivers\*.sys /lockedfiles >
[2009/06/28 14:15:42 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 88 bytes -> C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL:SummaryInformation
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F22DA14
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDD78BE5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF2C26D2
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDAF118C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:703CE963
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E158DDD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5238720
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD2D817
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DA384B0
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B73EC53A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C8950EF
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5466F106
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83E716F0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8EAE2CC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F292FAC
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62722F27
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55E3C0E0
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FFFCB9A9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B79AEF3
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD3C973
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162D3733
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF063775
< End of report >