Thanks,
Adam
MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.18.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Valued Customer :: VALUED-0D5227D4 [administrator]
3/16/2012 9:47:01 PM
mbam-log-2012-03-16 (21-47-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181903
Time elapsed: 7 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
**********
OTL log:
OTL logfile created on: 3/17/2012 1:22:43 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
253.51 Mb Total Physical Memory | 147.02 Mb Available Physical Memory | 57.99% Memory free
624.58 Mb Paging File | 499.24 Mb Available in Paging File | 79.93% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.14 Gb Total Space | 2.50 Gb Free Space | 13.04% Space Free | Partition Type: NTFS
Computer Name: VALUED-0D5227D4 | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Valued Customer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\BrmfBAgS.exe (Brother Industries, Ltd.)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (brmfbags) -- C:\WINDOWS\system32\BrmfBAgS.exe (Brother Industries, Ltd.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (Cdralw2k) -- File not found
DRV - (Cdr4_2K) -- File not found
DRV - (SCTDriverV1011) -- C:\WINDOWS\system32\drivers\SCTDriverV1011.sys (Jungo)
DRV - (slabser) -- C:\WINDOWS\system32\drivers\slabser.sys (MCCI Corporation)
DRV - (slabbus) Edge Products USB Device driver (WDM) -- C:\WINDOWS\system32\drivers\slabbus.sys (MCCI Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (brparimg) -- C:\WINDOWS\system32\drivers\BrParImg.sys (Brother Industries Ltd.)
DRV - (BrParWdm) -- C:\WINDOWS\system32\drivers\BrParwdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {ADCD4153-DF7D-424A-8540-152D600E55E9}
IE - HKCU\..\SearchScopes\{ADCD4153-DF7D-424A-8540-152D600E55E9}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2012/02/18 00:28:03 | 000,610,008 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16254 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: uploaded.to ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: utsa.edu ([]* in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1170368816796 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FC23261-05FD-4681-A8B5-123B43FCA55A}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/01 16:47:54 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9b09ecb0-a632-11df-865e-00065b71ebb3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/17 12:54:59 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2012/03/17 12:36:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Valued Customer\Recent
[2012/03/16 21:12:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Valued Customer\Start Menu\Programs\System Check
[2012/02/26 12:02:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2011
[2012/02/26 12:01:54 | 000,000,000 | -H-D | C] -- C:\Program Files\PDF995
[2012/02/26 12:01:54 | 000,000,000 | -H-D | C] -- C:\Program Files\HRBlock2011
[1 C:\Documents and Settings\Valued Customer\*.tmp files -> C:\Documents and Settings\Valued Customer\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/17 12:55:02 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2012/03/17 12:37:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/17 12:37:03 | 265,895,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/17 12:36:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/03/16 21:19:51 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/16 21:13:39 | 000,000,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\29Rz2VPhvzv9Q6
[2012/03/16 21:12:37 | 000,000,272 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~29Rz2VPhvzv9Q6
[2012/03/16 21:12:37 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~29Rz2VPhvzv9Q6r
[2012/03/16 21:12:31 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\System Check.lnk
[2012/03/16 21:12:19 | 000,346,624 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\29Rz2VPhvzv9Q6.exe
[2012/03/16 21:04:18 | 000,442,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\qvPKttoujdWOABX.exe
[2012/03/13 23:58:39 | 000,641,128 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/13 23:50:58 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 22:47:55 | 000,002,547 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\OpenOffice.org Writer.lnk
[2012/03/11 18:09:27 | 000,441,552 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 18:09:27 | 000,071,488 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/27 21:59:42 | 000,037,904 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\Charles Adamson 2011 Tax Return.T11
[2012/02/26 19:55:58 | 001,483,108 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\Amendment[1].jpg
[2012/02/18 00:28:03 | 000,610,008 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[1 C:\Documents and Settings\Valued Customer\*.tmp files -> C:\Documents and Settings\Valued Customer\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/17 00:34:33 | 265,895,936 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/16 21:19:50 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/16 21:12:37 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~29Rz2VPhvzv9Q6r
[2012/03/16 21:12:36 | 000,000,272 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~29Rz2VPhvzv9Q6
[2012/03/16 21:12:31 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\System Check.lnk
[2012/03/16 21:12:24 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\29Rz2VPhvzv9Q6
[2012/03/16 21:12:18 | 000,346,624 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\29Rz2VPhvzv9Q6.exe
[2012/03/16 21:07:22 | 000,442,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\qvPKttoujdWOABX.exe
[2012/02/27 21:59:41 | 000,037,904 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\Charles Adamson 2011 Tax Return.T11
[2012/02/26 20:04:09 | 001,483,108 | -H-- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\Amendment[1].jpg
[2012/02/14 13:38:57 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/24 18:46:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/11/07 08:06:18 | 000,633,568 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/29 14:07:22 | 000,019,696 | -H-- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/05/29 13:53:55 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\hpqscr01.dat
[2010/05/29 13:52:00 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\hposcr05.dat
========== LOP Check ==========
[2009/08/27 01:14:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2010/12/29 14:33:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/05/03 12:10:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/02/26 11:59:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/12/15 20:18:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/09/07 15:41:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\com.zipeg
[2011/12/24 23:38:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Emse
[2012/02/26 21:40:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Image Zone Express
[2007/12/16 15:26:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\MSNInstaller
[2011/12/24 23:33:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Ojahfa
[2011/05/22 23:57:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\RadioCatch Web Radio Recorder
[2012/02/26 12:04:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\TaxCut
[2007/12/16 15:49:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
[2009/04/25 22:21:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\WinPatrol
[2010/07/02 22:38:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Zipeg
========== Purity Check ==========
< End of report >