OTL logfile created on: 6/23/2010 5:58:42 PM - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Documents and Settings\Barbara\My Documents\Download
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
446.00 Mb Total Physical Memory | 69.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 63.44 Gb Free Space | 85.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37.26 Gb Total Space | 35.24 Gb Free Space | 94.57% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HL1000
Current User Name: Barbara
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/06/23 17:56:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barbara\My Documents\Download\OTL.exe
PRC - [2010/06/22 21:53:45 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/22 21:53:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/07 13:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Barbara\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/28 08:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2008/04/28 08:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 15:02:46 | 000,177,448 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2007/06/28 17:09:14 | 000,293,104 | ---- | M] (AT&T) -- C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/12/19 14:45:16 | 000,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/06/23 17:56:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barbara\My Documents\Download\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] --  -- (npkcmsvc)
SRV - File not found [Auto | Stopped] --  -- (FreezeScreenSaver)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/16 17:53:04 | 000,099,056 | ---- | M] (Radialpoint Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe -- (RPSUpdaterR)
SRV - [2008/04/28 08:23:36 | 000,738,568 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2008/04/28 08:23:28 | 000,414,984 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2007/11/27 15:02:46 | 000,177,448 | R--- | M] (Authentium, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2007/06/28 17:09:14 | 000,293,104 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe -- (RP_FWS)
SRV - [2007/01/02 22:46:54 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/12/19 14:45:16 | 000,280,080 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/12/10 23:29:24 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/11/16 17:53:05 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2008/04/25 07:38:22 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/24 16:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/11/26 17:33:52 | 000,835,792 | ---- | M] (Authentium, Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2007/06/27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2007/02/20 15:07:56 | 000,005,632 | R--- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/28 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2006/02/22 23:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/22 23:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/03/16 02:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "FullScreensavers Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1394623&SearchSource=3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-upgrd"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-upgrd"
FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1394623&SearchSource=2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/09/08 05:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/22 22:23:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/22 21:53:45 | 000,000,000 | ---D | M]
 
[2008/10/27 12:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Extensions
[2010/06/21 19:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\yrrwe0nt.default\extensions
[2010/04/01 20:02:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\yrrwe0nt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 19:04:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\yrrwe0nt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/11/08 15:59:36 | 000,000,000 | ---D | M] (FullScreensavers Toolbar) -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\yrrwe0nt.default\extensions\{a042fc58-37cb-49f2-82e8-be2000ea9c91}
[2008/11/04 21:50:38 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\yrrwe0nt.default\searchplugins\conduit.xml
[2010/06/21 18:54:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/27 12:40:31 | 000,000,000 | ---D | M] (WordSearch) -- C:\Program Files\Mozilla Firefox\extensions\{32A8BD73-1A5E-4a89-9939-AE6244253795}(2)
[2008/10/31 17:05:33 | 000,000,000 | ---D | M] (WordSearch) -- C:\Program Files\Mozilla Firefox\extensions\{32A8BD73-1A5E-4a89-9939-AE6244253795}(3)
 
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll (Radialpoint Inc.)
O2 - BHO: (no name) - {a042fc58-37cb-49f2-82e8-be2000ea9c91} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a042fc58-37cb-49f2-82e8-be2000ea9c91} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A042FC58-37CB-49F2-82E8-BE2000EA9C91} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://support.att.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205001014656 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab (SurroundVideoCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/21 01:23:14 | 000,000,141 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/08/13 18:50:52 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
 
[2010/06/23 16:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/23 16:26:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/23 16:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/21 22:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/06/21 21:33:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/21 21:33:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/21 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/21 21:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\My Documents\Downloads
[2010/06/21 21:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/21 21:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Application Data\SUPERAntiSpyware.com
[2010/06/21 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/21 19:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/06/21 18:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Desktop\Brendon's Tools
[2010/06/21 18:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\My Documents\Registry Backups
[2010/06/21 18:45:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Barbara\Recent
[2010/06/18 22:38:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Barbara\Desktop\New Briefcase
[2010/06/11 22:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Application Data\MSNInstaller
[2010/06/05 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\SBC Yahoo!
[2010/06/03 23:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/05/30 07:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\New Folder (3)
[2010/04/22 20:18:49 | 027,386,256 | ---- | C] (                                   ) -- C:\Documents and Settings\Barbara\My Documents\AdbeRdr930_en_US.exe
[2010/03/28 10:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2008/11/05 12:51:48 | 000,089,088 | ---- | C] ( ) -- C:\WINDOWS\System32\Unzdll.dll
 
[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]
 
[2010/06/23 18:00:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2C24F1BB-37E7-47E4-97A5-95B2CA86C154}.job
[2010/06/23 17:54:31 | 000,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/23 16:40:13 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/23 16:34:53 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/23 16:34:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 16:26:10 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\NTREGOPT.lnk
[2010/06/23 16:26:10 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\ERUNT.lnk
[2010/06/23 14:10:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/23 14:10:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/23 14:09:39 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Barbara\ntuser.dat
[2010/06/23 14:09:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Barbara\ntuser.ini
[2010/06/22 22:57:33 | 003,722,926 | -H-- | M] () -- C:\Documents and Settings\Barbara\Local Settings\Application Data\IconCache.db
[2010/06/22 22:52:32 | 000,156,280 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\graphics problem.JPG
[2010/06/22 21:36:53 | 000,520,908 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 21:36:53 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 21:36:53 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 21:35:47 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/22 21:26:56 | 001,190,612 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Inbox.dbx
[2010/06/22 21:26:56 | 000,076,500 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Outbox.dbx
[2010/06/22 21:26:56 | 000,075,204 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Folders.dbx
[2010/06/22 21:26:56 | 000,009,656 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Offline.dbx
[2010/06/22 20:21:35 | 001,059,540 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Deleted Items.dbx
[2010/06/22 20:21:31 | 000,037,137 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Silhouettes Cancelled Items- # P9180712.eml
[2010/06/22 20:20:26 | 000,027,686 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\1.eml
[2010/06/22 20:02:52 | 000,009,404 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Pop3uidl.dbx
[2010/06/22 19:32:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 22:17:04 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Revo Uninstaller.lnk
[2010/06/21 21:35:09 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Spyware collection.bmp
[2010/06/21 21:33:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 21:00:19 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/21 19:30:53 | 000,113,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/06/21 18:41:55 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\CCleaner.lnk
[2010/06/18 21:56:39 | 000,013,490 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\SmartBargains Order Confirmation #1095257216.eml
[2010/06/18 12:50:09 | 000,006,788 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Cancellation Confirmation.eml
[2010/06/18 12:48:38 | 000,152,280 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Vonage Visual Voicemail from 16787141495 - New Voicemail Received.eml
[2010/06/17 21:08:38 | 000,026,882 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\44.eml
[2010/06/13 13:08:57 | 000,026,939 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\4.eml
[2010/06/13 13:08:20 | 000,027,343 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\A large purchase has posted to your account.eml
[2010/06/13 13:07:45 | 000,002,482 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Payment receipt from April Painting Company, Inc_.eml
[2010/06/13 13:06:35 | 000,026,939 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Merchant refund_credit posted to your account2.eml
[2010/06/13 13:05:32 | 000,025,538 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Your payment has posted.eml
[2010/06/13 13:04:50 | 000,005,227 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Re_ [Ticket#2010060910025463] In Regards To Your Call To Archives_com.eml
[2010/06/10 10:16:59 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 17:31:29 | 001,509,799 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Invoice from April Painting Company, Inc_.eml
[2010/06/09 17:30:05 | 000,047,414 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Online Billing.mht
[2010/06/09 11:29:28 | 000,749,027 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\form.pdf
[2010/06/08 17:57:10 | 000,007,383 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\FW_  History lesson.eml
[2010/06/05 22:38:37 | 000,103,892 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Your DIRECTV Movie Guide.eml
[2010/05/31 22:27:26 | 000,182,284 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\GliddenMaterials.pdf
[2010/05/30 09:12:58 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/29 22:00:21 | 000,026,783 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Merchant refund_credit posted to your account.eml
[2010/05/29 21:59:34 | 000,012,600 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Re_ [Ticket#2010052910011307] Regarding your phone call to Archives.eml
[2010/05/29 11:38:08 | 002,299,816 | ---- | M] () -- C:\Documents and Settings\Barbara\2
[2010/05/28 16:54:09 | 000,003,286 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\3.eml
[2010/05/28 16:53:40 | 000,297,398 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\05_28_10 Estimate for Barbara LoCicero.eml
[2010/05/28 16:10:24 | 000,023,868 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Debit card change coming soon - please read.eml
[2010/05/28 10:41:40 | 000,003,286 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Pressure Washing.eml
[2010/05/27 07:24:41 | 000,009,866 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\FW_ Remember Cell Phone Numbers go Public this month -.eml
[2010/05/27 07:19:15 | 000,022,771 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Your Paint, Varnish or Stain Interior Surfaces Project.eml
[2010/05/27 07:18:25 | 000,227,588 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Estimate for Barbara LoCicero.eml
[2010/05/27 07:17:40 | 000,008,947 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Re_ check.eml
[2010/05/26 17:24:40 | 001,897,765 | ---- | M] () -- C:\Documents and Settings\Barbara\05-26-10 Estimate for Barbara LoCicero.prn
[2010/05/26 16:59:56 | 000,107,408 | ---- | M] () -- C:\Documents and Settings\Barbara\05-26-10 Estimate for Barbara LoCicero.pdf
[2010/05/24 18:29:40 | 000,019,150 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Thank You For Signing Up For Auto Bill Pay.eml
[2010/05/24 18:29:23 | 000,017,353 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Congratulations on Going Paperless.eml
[2010/05/24 18:28:13 | 000,021,556 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\DIRECTV ACCT_ INFORMATION.eml
[2010/05/24 16:53:27 | 000,004,130 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Important - Vonage Account Security Information.eml
[2010/05/24 16:52:51 | 000,009,778 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Important Information Regarding Your Vonage Account.eml
[2010/05/20 23:36:22 | 000,029,169 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\5% Cashback Bonus - You're Signed Up!.eml
[2010/05/20 23:36:06 | 000,002,928 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Order confirmation from NYTimes_com.eml
[2010/05/20 23:35:47 | 000,007,017 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Fwd_ 1 WEEK LEFT UNTIL YOUR SERVICE END DATE!.eml
[2010/05/17 10:07:24 | 000,003,109 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Settlement_.eml
[2010/05/14 17:03:27 | 000,010,560 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\FabricGuru_com_ Order #132121 has been completed.eml
[2010/05/14 08:56:22 | 000,003,689 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\WomanWithin Product Review notification.eml
[2010/05/02 12:02:38 | 000,031,360 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Your Woman Within Order Confirmation.eml
[2010/04/29 22:22:34 | 000,493,568 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Newsletter14.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 11:08:11 | 000,008,070 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Important Announcement From General Motors Company.eml
[2010/04/25 11:07:59 | 000,006,857 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\FW_ 10TH ANNUAL ALL CLASS REUNION  DATE 10-2-2010.eml
[2010/04/25 11:00:33 | 000,031,030 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Barbara, thank you, your return has been received.eml
[2010/04/25 11:00:00 | 000,010,921 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Adobe.eml
[2010/04/22 23:12:45 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\Adobe Reader 9.lnk
[2010/04/22 20:18:51 | 027,386,256 | ---- | M] (                                   ) -- C:\Documents and Settings\Barbara\My Documents\AdbeRdr930_en_US.exe
[2010/04/21 23:18:40 | 000,328,232 | ---- | M] () -- C:\Documents and Settings\Barbara\mills.lane.larry.stargel.news.clipping.msl.pdf
[2010/04/21 23:00:01 | 000,456,292 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\MA4RY.eml
[2010/04/16 11:43:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/02 16:28:51 | 000,030,363 | ---- | M] () -- C:\Documents and Settings\Barbara\Favorites.zip
[2010/04/01 19:58:46 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\Mozilla Firefox.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/06/23 16:40:13 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/23 16:34:53 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/23 16:26:10 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\NTREGOPT.lnk
[2010/06/23 16:26:10 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\ERUNT.lnk
[2010/06/22 22:52:14 | 000,156,280 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\graphics problem.JPG
[2010/06/22 21:35:47 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/22 20:21:31 | 000,037,137 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Silhouettes Cancelled Items- # P9180712.eml
[2010/06/22 20:20:25 | 000,027,686 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\1.eml
[2010/06/22 20:03:53 | 001,059,540 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Deleted Items.dbx
[2010/06/22 20:02:31 | 000,009,404 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Pop3uidl.dbx
[2010/06/22 20:02:28 | 000,076,500 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Outbox.dbx
[2010/06/22 20:02:27 | 001,190,612 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Inbox.dbx
[2010/06/22 20:02:27 | 000,075,204 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Folders.dbx
[2010/06/22 20:02:27 | 000,009,656 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Offline.dbx
[2010/06/22 19:31:03 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 22:17:04 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Revo Uninstaller.lnk
[2010/06/21 21:35:08 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Spyware collection.bmp
[2010/06/21 21:33:35 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/21 21:00:19 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/21 19:08:42 | 000,113,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/06/21 18:41:55 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\CCleaner.lnk
[2010/06/18 21:56:39 | 000,013,490 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\SmartBargains Order Confirmation #1095257216.eml
[2010/06/18 12:50:09 | 000,006,788 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Cancellation Confirmation.eml
[2010/06/18 12:48:37 | 000,152,280 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Vonage Visual Voicemail from 16787141495 - New Voicemail Received.eml
[2010/06/17 21:08:38 | 000,026,882 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\44.eml
[2010/06/13 13:08:57 | 000,026,939 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\4.eml
[2010/06/13 13:08:20 | 000,027,343 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\A large purchase has posted to your account.eml
[2010/06/13 13:07:45 | 000,002,482 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Payment receipt from April Painting Company, Inc_.eml
[2010/06/13 13:06:35 | 000,026,939 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Merchant refund_credit posted to your account2.eml
[2010/06/13 13:05:32 | 000,025,538 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Your payment has posted.eml
[2010/06/13 13:04:50 | 000,005,227 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Re_ [Ticket#2010060910025463] In Regards To Your Call To Archives_com.eml
[2010/06/09 17:31:29 | 001,509,799 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Invoice from April Painting Company, Inc_.eml
[2010/06/09 17:30:03 | 000,047,414 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Online Billing.mht
[2010/06/09 11:29:28 | 000,749,027 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\form.pdf
[2010/06/08 17:57:10 | 000,007,383 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\FW_  History lesson.eml
[2010/06/05 22:38:37 | 000,103,892 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Your DIRECTV Movie Guide.eml
[2010/05/31 22:27:19 | 000,182,284 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\GliddenMaterials.pdf
[2010/05/29 22:00:21 | 000,026,783 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Merchant refund_credit posted to your account.eml
[2010/05/29 21:59:34 | 000,012,600 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Re_ [Ticket#2010052910011307] Regarding your phone call to Archives.eml
[2010/05/29 11:38:02 | 002,299,816 | ---- | C] () -- C:\Documents and Settings\Barbara\2
[2010/05/28 16:54:09 | 000,003,286 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\3.eml
[2010/05/28 16:53:40 | 000,297,398 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\05_28_10 Estimate for Barbara LoCicero.eml
[2010/05/28 16:10:24 | 000,023,868 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Debit card change coming soon - please read.eml
[2010/05/28 13:08:34 | 000,004,046 | ---- | C] () -- C:\Documents and Settings\Barbara\05.19.10 Certificate of Insurance.txt
[2010/05/28 10:41:39 | 000,003,286 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Pressure Washing.eml
[2010/05/27 07:24:38 | 000,009,866 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\FW_ Remember Cell Phone Numbers go Public this month -.eml
[2010/05/27 07:19:13 | 000,022,771 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Your Paint, Varnish or Stain Interior Surfaces Project.eml
[2010/05/27 07:18:23 | 000,227,588 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Estimate for Barbara LoCicero.eml
[2010/05/27 07:17:39 | 000,008,947 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Re_ check.eml
[2010/05/27 07:12:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Adobe Reader 9.lnk
[2010/05/26 17:24:35 | 001,897,765 | ---- | C] () -- C:\Documents and Settings\Barbara\05-26-10 Estimate for Barbara LoCicero.prn
[2010/05/26 16:59:55 | 000,107,408 | ---- | C] () -- C:\Documents and Settings\Barbara\05-26-10 Estimate for Barbara LoCicero.pdf
[2010/05/24 18:29:40 | 000,019,150 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Thank You For Signing Up For Auto Bill Pay.eml
[2010/05/24 18:29:23 | 000,017,353 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Congratulations on Going Paperless.eml
[2010/05/24 18:28:13 | 000,021,556 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\DIRECTV ACCT_ INFORMATION.eml
[2010/05/24 16:53:27 | 000,004,130 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Important - Vonage Account Security Information.eml
[2010/05/24 16:52:51 | 000,009,778 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Important Information Regarding Your Vonage Account.eml
[2010/05/20 23:36:22 | 000,029,169 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\5% Cashback Bonus - You're Signed Up!.eml
[2010/05/20 23:36:06 | 000,002,928 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Order confirmation from NYTimes_com.eml
[2010/05/20 23:35:47 | 000,007,017 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Fwd_ 1 WEEK LEFT UNTIL YOUR SERVICE END DATE!.eml
[2010/05/17 10:07:24 | 000,003,109 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Settlement_.eml
[2010/05/14 17:03:27 | 000,010,560 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\FabricGuru_com_ Order #132121 has been completed.eml
[2010/05/14 08:56:22 | 000,003,689 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\WomanWithin Product Review notification.eml
[2010/05/02 12:02:38 | 000,031,360 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Your Woman Within Order Confirmation.eml
[2010/04/29 22:22:31 | 000,493,568 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Newsletter14.doc
[2010/04/25 11:08:11 | 000,008,070 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Important Announcement From General Motors Company.eml
[2010/04/25 11:07:58 | 000,006,857 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\FW_ 10TH ANNUAL ALL CLASS REUNION  DATE 10-2-2010.eml
[2010/04/25 11:00:33 | 000,031,030 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Barbara, thank you, your return has been received.eml
[2010/04/25 11:00:00 | 000,010,921 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\Adobe.eml
[2010/04/22 20:26:14 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/21 23:18:40 | 000,328,232 | ---- | C] () -- C:\Documents and Settings\Barbara\mills.lane.larry.stargel.news.clipping.msl.pdf
[2010/04/21 23:00:01 | 000,456,292 | ---- | C] () -- C:\Documents and Settings\Barbara\My Documents\MA4RY.eml
[2010/04/16 11:43:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/02 16:28:51 | 000,030,363 | ---- | C] () -- C:\Documents and Settings\Barbara\Favorites.zip
[2010/04/01 19:58:46 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\Mozilla Firefox.lnk
[2010/03/29 21:35:14 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Barbara\ntuser.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/05/29 14:57:59 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/11/15 05:59:08 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/11 19:17:32 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2008/10/11 15:23:04 | 000,974,848 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2008/10/11 15:23:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2008/10/11 15:23:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vorbisfile.dll
[2008/01/17 23:15:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/14 15:00:41 | 000,006,001 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/08/14 15:00:06 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/08/13 19:05:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/13 18:58:39 | 000,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/02/20 15:07:56 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2008/11/16 17:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2007/08/24 18:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/03/09 22:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2009/01/10 20:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/02/02 14:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/09/21 13:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/03/13 15:48:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\f7f1ff1
[2010/01/31 21:21:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\LPLYKDIEDQCG
[2009/01/10 20:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/14 10:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/03/09 12:31:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SAZOZOV
[2008/11/08 12:53:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/12/04 18:50:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Barbara\Application Data\.#
[2009/09/21 13:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Astro Gemini Software
[2009/01/08 18:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\AT&T
[2009/01/10 20:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\DriverCure
[2009/09/21 13:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\EmailNotifier
[2007/08/14 15:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Goodsol
[2008/09/21 20:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Image Zone Express
[2010/06/11 22:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\MSNInstaller
[2008/07/21 00:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Nexon
[2008/08/28 16:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Preclick
[2008/07/22 18:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Printer Info Cache
[2008/10/27 12:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Second Nature
[2009/12/04 18:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Stamps.com Internet Postage
[2009/09/21 13:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\TERMINAL Studio
[2008/08/28 17:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Wal-Mart
[2010/06/23 16:40:13 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/23 18:00:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2C24F1BB-37E7-47E4-97A5-95B2CA86C154}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2007/08/13 19:06:51 | 000,000,032 | ---- | M] () -- C:\ALCSetup.log
[2009/05/29 17:02:43 | 000,000,211 | --S- | M] () -- C:\boot.ini
[2008/08/08 22:09:41 | 000,000,144 | ---- | M] () -- C:\domains.dat
[2007/08/13 18:51:24 | 000,000,000 | --S- | M] () -- C:\IO.SYS
[2007/08/13 18:51:24 | 000,000,000 | --S- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | --S- | M] () -- C:\NTDETECT.COM
[2008/05/27 08:33:17 | 000,250,048 | --S- | M] () -- C:\ntldr
[2010/06/23 14:10:33 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2009/03/21 18:30:23 | 000,000,204 | ---- | M] () -- C:\Plugins
[2008/08/25 15:56:06 | 000,000,186 | ---- | M] () -- C:\xcrashdump.dat
[2008/10/11 15:17:02 | 000,000,098 | --S- | M] () -- C:\~tmp.txt
 
[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/10/29 17:13:28 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4xl.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2007/08/13 14:36:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/08/13 14:36:20 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/08/13 14:36:20 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
 
[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
< End of report >