
OTL below can't remove virus WUDFTrace.etl [Closed]


  • This topic is locked

#1
Miyamakes5

    New Member

  • Member
  • 1 posts
Hi, please help.
My computer has been getting slower and slower. I ran Microsoft Security Essentials. It said no threats. But I knew something was wrong. So I signed up and ran OTL.
Please advise.
Thank you,
Wendy


OTL logfile created on: 7/22/2012 12:30:21 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.73 Mb Total Physical Memory | 260.27 Mb Available Physical Memory | 25.65% Memory free
2.38 Gb Paging File | 1.76 Gb Available in Paging File | 73.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 53.75 Gb Free Space | 70.09% Space Free | Partition Type: NTFS

Computer Name: OWNER-8D00C4C67 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 00:29:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/09/16 19:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/02 11:26:27 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2012/04/02 11:26:25 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2012/04/02 11:26:24 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2012/04/02 11:26:03 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2012/04/02 11:25:46 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2012/04/02 11:25:45 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2012/04/02 11:25:39 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2012/04/02 11:25:38 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2012/04/02 11:25:38 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2012/04/02 11:25:38 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2012/04/02 11:25:38 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2012/04/02 11:25:38 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2012/04/02 11:25:38 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2012/04/02 11:25:35 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2012/04/02 11:25:34 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2012/04/02 11:25:34 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2012/04/02 11:25:34 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2012/04/02 11:25:34 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2012/04/02 11:25:33 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2012/04/02 11:25:33 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2012/04/02 11:25:33 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2012/04/02 11:24:35 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2012/04/02 11:24:35 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2012/04/02 11:24:35 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2012/04/02 11:24:35 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2012/04/02 11:24:34 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2012/04/02 11:24:34 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2012/04/02 11:24:34 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2012/04/02 11:24:34 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2012/03/28 20:49:23 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dbca213b\mscorlib.dll
MOD - [2012/03/28 20:49:19 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7060675a\system.drawing.dll
MOD - [2012/03/28 20:49:01 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c59e2959\system.xml.dll
MOD - [2012/03/28 20:48:54 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_37d76317\system.windows.forms.dll
MOD - [2012/03/28 20:48:42 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5935d096\system.dll
MOD - [2012/03/28 20:48:28 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/03/28 20:48:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/03/28 19:47:05 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012/03/28 19:47:05 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/03/28 19:47:04 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2004/11/02 16:57:08 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/13 04:45:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/11/23 07:58:04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/21 21:27:06 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A7646D7-BC77-4DC7-AA8D-61F4B6E20709}\MpKsl2001ae5e.sys -- (MpKsl2001ae5e)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/17 07:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {EE0844C4-6685-460B-A42F-93C2AC27B4F2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{EE0844C4-6685-460B-A42F-93C2AC27B4F2}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000001320a18d91
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3158970
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.Incre...Tlsc5EtqaB&i=38
IE - HKCU\..\SearchScopes\{EE0844C4-6685-460B-A42F-93C2AC27B4F2}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox


O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4B28D4-9A6E-4B2F-89D8-9A95811F78FC}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/28 19:45:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 00:29:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/03 20:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2012/07/03 12:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\KKG Maura Lederer project
[2012/07/03 12:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ESSEX Insurance Docs
[2012/07/03 12:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\KKG Maura Lederer
[2012/06/25 10:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Essex Inv. 6.25.12
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 00:45:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/22 00:42:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 00:29:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/07/21 21:33:43 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/21 21:23:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/21 21:21:06 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 21:20:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/21 21:20:54 | 1064,091,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 20:18:16 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{484948AB-0D97-48B9-B66E-C41CA77AA159}.job
[2012/07/18 20:23:57 | 000,038,306 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Unpaid invoices.pdf
[2012/07/18 19:47:54 | 000,109,182 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AYSO 2012 Coach Course reg. Wendy Simpson.pdf
[2012/07/18 11:41:52 | 001,307,032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Met BBQ contract approval.pdf
[2012/07/18 11:35:56 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk
[2012/07/17 16:53:50 | 000,208,276 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Forest City Ins. Cert. 2012.pdf
[2012/07/17 16:34:37 | 000,052,242 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10459 Adams.pdf
[2012/07/17 16:32:19 | 000,179,641 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Final release for Adams Inv. 10459.pdf
[2012/07/17 16:16:43 | 000,130,221 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Change Order 004.pdf
[2012/07/17 15:28:53 | 000,051,543 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Helene.pdf
[2012/07/17 12:46:25 | 000,008,274 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Metro 417 pymt. Inv. 10419.pdf
[2012/07/17 08:55:18 | 000,059,020 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carol Stein Proposal 4269 Master Bath.pdf
[2012/07/17 08:46:38 | 000,049,698 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Adams Invoice 10457.pdf
[2012/07/16 13:16:16 | 000,048,139 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carol Stein Invoice 10456.pdf
[2012/07/16 13:13:58 | 000,050,401 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Carol Stein Invoice 10455 unit 1,4 7.pdf
[2012/07/13 16:00:17 | 000,051,275 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Metro 417 Invoice 10454 Coffee Serv. Ctr..pdf
[2012/07/12 19:21:34 | 001,959,224 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Met BBQ Contract.pdf
[2012/07/12 11:50:23 | 000,147,335 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Forest City contract ref form.pdf
[2012/07/11 07:15:45 | 000,276,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 03:07:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 19:19:35 | 000,046,800 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cielo Proposal 4265 Unit 233 Door and Lock.pdf
[2012/07/10 17:53:11 | 000,935,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KABA Invoice The Met 7.10.12.pdf
[2012/07/10 10:33:18 | 000,046,429 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Optimus bid form.pdf
[2012/07/10 08:56:05 | 000,044,754 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Sunbelt Open Invoices 7.10.12.pdf
[2012/07/10 08:13:37 | 000,053,866 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Open Invoices as of 7.9.12.pdf
[2012/07/10 08:07:03 | 000,057,408 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Lederer Shop Drawings.pdf
[2012/07/09 17:13:35 | 000,367,634 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KKG Appliance cut sheets.pdf
[2012/07/07 16:28:41 | 000,449,359 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Signed response ltr. to camp atty..pdf
[2012/07/06 20:23:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/07/06 09:57:22 | 000,072,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Invoice 10426 Unit 101 7.6.12.pdf
[2012/07/06 09:26:21 | 000,062,417 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CamarilloProposal 4263 unit 204.pdf
[2012/07/05 14:06:54 | 000,368,797 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SSA Prescott Order lock.pdf
[2012/07/05 10:02:13 | 000,038,798 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Open invoices as of 7.5.12.pdf
[2012/07/05 09:38:14 | 000,040,526 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fountain open invoices as of 7.5.12.pdf
[2012/07/05 09:01:56 | 000,049,348 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10417 Adams.Central adjust door.pdf
[2012/07/05 09:01:00 | 000,051,283 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10413 Adams.Central Astricals.pdf
[2012/07/05 09:00:11 | 000,050,854 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10378 Adams.Central Hinges.pdf
[2012/07/04 09:13:09 | 000,001,195 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to PDFCreator.exe.lnk
[2012/07/03 15:44:39 | 000,105,858 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Stmt 7.3.12.pdf
[2012/07/03 15:26:46 | 000,049,764 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Proposal 4262 Dorothy project.pdf
[2012/07/03 14:33:00 | 000,109,692 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Ltr. for diff. in cabinets.pdf
[2012/07/03 12:10:27 | 001,241,922 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura granite change order.pdf
[2012/07/03 11:58:47 | 000,049,978 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Lederer Proposal 4261 7.3.12.pdf
[2012/07/03 11:41:46 | 000,014,516 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Essex Addl. Ins. Certificate 2012.2013.pdf
[2012/07/03 11:31:28 | 000,190,170 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KKG Proposal Maura 6.29.12.pdf
[2012/07/03 11:22:42 | 001,117,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CreatePDFDesktop.air
[2012/07/03 10:11:45 | 000,066,284 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Proposal Kinsella Cabinets 6.29.12.pdf
[2012/07/03 09:46:06 | 000,014,427 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Collins Ins. Cert. Essex.pdf
[2012/06/30 10:03:24 | 000,049,065 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Verdugo Inv. 10445 unit107 flooring.pdf
[2012/06/29 16:02:38 | 000,281,274 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AYSO volunteer form.pdf
[2012/06/29 10:27:46 | 000,063,115 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\KKG.Adams and Central Proposal 4231 Pulls.Deadbolts.pdf
[2012/06/29 08:09:27 | 000,055,385 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Inv. 10443 Unit 201 clean.pdf
[2012/06/28 11:23:28 | 000,060,702 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Reveal Invoice 10435 PO251820.pdf
[2012/06/26 12:26:28 | 000,039,542 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Met Open invoices 6.26.12.pdf
[2012/06/26 12:24:59 | 000,036,830 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Metro 417 Outstanding invoices 6.26.12.pdf
[2012/06/26 11:36:35 | 000,935,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Mirabella train. inv..pdf
[2012/06/26 11:25:49 | 000,148,399 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cal-Royal is going GREEN[1].pdf
[2012/06/25 15:52:19 | 000,042,122 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AYSO Player Form.pdf
[2012/06/25 12:46:01 | 000,243,688 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Sunbelt Work order approval Camarillo 202.pdf
[2012/06/25 12:21:30 | 000,041,460 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\AYSO Player Reg. form.pdf
[2012/06/25 11:58:03 | 000,047,009 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fountain Proposal unit 107.pdf
[2012/06/25 11:56:23 | 000,058,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Fountain Inv. 10441.pdf
[2012/06/25 10:48:47 | 000,531,589 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Essex Inv. 6.25.zip
[2012/06/22 14:16:33 | 000,038,050 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Art Fuss Invoice 10373.pdf
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 20:23:55 | 000,038,306 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Unpaid invoices.pdf
[2012/07/18 19:47:24 | 000,109,182 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AYSO 2012 Coach Course reg. Wendy Simpson.pdf
[2012/07/18 11:41:51 | 001,307,032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Met BBQ contract approval.pdf
[2012/07/17 16:53:49 | 000,208,276 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Forest City Ins. Cert. 2012.pdf
[2012/07/17 16:34:35 | 000,052,242 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10459 Adams.pdf
[2012/07/17 16:32:16 | 000,179,641 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Final release for Adams Inv. 10459.pdf
[2012/07/17 16:12:25 | 000,130,221 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Change Order 004.pdf
[2012/07/17 12:46:25 | 000,008,274 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Metro 417 pymt. Inv. 10419.pdf
[2012/07/17 08:55:16 | 000,059,020 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carol Stein Proposal 4269 Master Bath.pdf
[2012/07/17 08:46:27 | 000,049,698 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Adams Invoice 10457.pdf
[2012/07/16 13:16:14 | 000,048,139 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carol Stein Invoice 10456.pdf
[2012/07/16 13:13:57 | 000,050,401 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Carol Stein Invoice 10455 unit 1,4 7.pdf
[2012/07/13 18:04:36 | 000,051,543 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Helene.pdf
[2012/07/13 16:00:16 | 000,051,275 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Metro 417 Invoice 10454 Coffee Serv. Ctr..pdf
[2012/07/12 19:20:48 | 001,959,224 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Met BBQ Contract.pdf
[2012/07/12 11:50:23 | 000,147,335 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Forest City contract ref form.pdf
[2012/07/10 19:19:31 | 000,046,800 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cielo Proposal 4265 Unit 233 Door and Lock.pdf
[2012/07/10 17:53:11 | 000,935,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KABA Invoice The Met 7.10.12.pdf
[2012/07/10 17:17:26 | 000,046,429 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Optimus bid form.pdf
[2012/07/10 08:56:03 | 000,044,754 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Sunbelt Open Invoices 7.10.12.pdf
[2012/07/10 08:13:35 | 000,053,866 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Open Invoices as of 7.9.12.pdf
[2012/07/10 08:07:02 | 000,057,408 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Lederer Shop Drawings.pdf
[2012/07/09 17:13:35 | 000,367,634 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KKG Appliance cut sheets.pdf
[2012/07/07 16:28:24 | 000,449,359 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Signed response ltr. to camp atty..pdf
[2012/07/06 09:57:20 | 000,072,752 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Invoice 10426 Unit 101 7.6.12.pdf
[2012/07/05 14:06:35 | 000,368,797 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\SSA Prescott Order lock.pdf
[2012/07/05 10:02:11 | 000,038,798 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Open invoices as of 7.5.12.pdf
[2012/07/05 09:38:12 | 000,040,526 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Fountain open invoices as of 7.5.12.pdf
[2012/07/05 09:01:55 | 000,049,348 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10417 Adams.Central adjust door.pdf
[2012/07/05 09:00:59 | 000,051,283 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10413 Adams.Central Astricals.pdf
[2012/07/05 09:00:11 | 000,050,854 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Invoice 10378 Adams.Central Hinges.pdf
[2012/07/05 08:56:15 | 000,062,417 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CamarilloProposal 4263 unit 204.pdf
[2012/07/04 09:13:09 | 000,001,195 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to PDFCreator.exe.lnk
[2012/07/03 15:44:32 | 000,105,858 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Stmt 7.3.12.pdf
[2012/07/03 15:26:43 | 000,049,764 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Proposal 4262 Dorothy project.pdf
[2012/07/03 14:02:44 | 000,109,692 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Ltr. for diff. in cabinets.pdf
[2012/07/03 12:10:27 | 001,241,922 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura granite change order.pdf
[2012/07/03 11:58:43 | 000,049,978 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Lederer Proposal 4261 7.3.12.pdf
[2012/07/03 11:41:46 | 000,014,516 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Essex Addl. Ins. Certificate 2012.2013.pdf
[2012/07/03 11:31:11 | 000,190,170 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KKG Proposal Maura 6.29.12.pdf
[2012/07/03 10:11:45 | 000,066,284 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG Maura Proposal Kinsella Cabinets 6.29.12.pdf
[2012/07/03 09:46:06 | 000,014,427 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Collins Ins. Cert. Essex.pdf
[2012/06/30 10:03:23 | 000,049,065 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Verdugo Inv. 10445 unit107 flooring.pdf
[2012/06/29 10:27:44 | 000,063,115 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\KKG.Adams and Central Proposal 4231 Pulls.Deadbolts.pdf
[2012/06/29 08:09:26 | 000,055,385 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Camarillo Inv. 10443 Unit 201 clean.pdf
[2012/06/28 11:23:26 | 000,060,702 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Reveal Invoice 10435 PO251820.pdf
[2012/06/26 12:26:26 | 000,039,542 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Met Open invoices 6.26.12.pdf
[2012/06/26 12:24:56 | 000,036,830 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Metro 417 Outstanding invoices 6.26.12.pdf
[2012/06/26 11:36:34 | 000,935,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Mirabella train. inv..pdf
[2012/06/26 11:25:49 | 000,148,399 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cal-Royal is going GREEN[1].pdf
[2012/06/25 15:52:18 | 000,042,122 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AYSO Player Form.pdf
[2012/06/25 12:46:00 | 000,243,688 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Sunbelt Work order approval Camarillo 202.pdf
[2012/06/25 12:21:30 | 000,041,460 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AYSO Player Reg. form.pdf
[2012/06/25 12:17:16 | 000,281,274 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\AYSO volunteer form.pdf
[2012/06/25 11:56:21 | 000,058,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Fountain Inv. 10441.pdf
[2012/06/25 10:48:02 | 000,531,589 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Essex Inv. 6.25.zip
[2012/06/22 14:16:31 | 000,038,050 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Art Fuss Invoice 10373.pdf
[2012/04/02 12:32:49 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2012/04/02 11:07:58 | 000,068,976 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/04/02 11:07:57 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2012/03/29 10:31:05 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/29 10:10:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/28 20:23:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/28 19:55:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/28 19:41:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/28 11:32:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/28 11:26:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2012/03/28 11:24:30 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/06/16 19:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/04/01 07:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/05/04 10:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/06/16 19:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon
[2012/04/23 12:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.acrobat.createpdf.CreatePDFDesktop
[2012/03/29 10:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2012/07/22 00:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mjusbsp
[2012/07/03 20:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2012/07/21 20:18:16 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{484948AB-0D97-48B9-B66E-C41CA77AA159}.job

========== Purity Check ==========



< End of report >

#2
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Miyamakes5, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Since it's been several days since your last scan, I'd like to get a new one.

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered until it is done.
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.