WiredWX Christian Hobby Weather Tools

Email hacked and now IE running so slow

My email on Hotmail was recently hacked and sent all my email addresses a Viagra email. Since it was connected to other emails, it was sent off of them too. Also, I noticed my IE is really slow to open up a page. Also, when I open my QuickBooks it is even slower. Could you help me find out why this is and what I can do regarding the emails to be safe? Thank you, Valerie

Re: Email hacked and now IE running so slow

If you have Malwarebytes Anti-Malware, please run a scan and post a log.

Re: Email hacked and now IE running so slow

Following is the Malware log. Seems like Quick Books runs slow and states "Server Busy" click to "switch to" to get in it. Not sure what to do about that.... Thank you... Valerie

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Valerie :: VALERIE-DAAA710 [administrator]

7/9/2012 8:01:48 PM
mbam-log-2012-07-09 (20-01-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236826
Time elapsed: 22 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Email hacked and now IE running so slow

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %USERPROFILE%\AppData\Local\ /s
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Re: Email hacked and now IE running so slow

OTL logfile created on: 7/10/2012 4:52:22 PM - Run 10
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Valerie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 200.00 Gb Free Space | 85.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALERIE-DAAA710
Current User Name: Valerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/09 17:38:16 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2005\QBW32.EXE
PRC - [2011/11/09 11:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/11/04 17:27:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
PRC - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjcoms.exe
PRC - [2002/12/12 08:45:00 | 000,541,184 | R--- | M] (Symantec Corporation) -- C:\Program Files\WinFax\WFXMOD32.EXE
PRC - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\WFXSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/10 17:45:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valerie\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/09 11:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/11/04 17:27:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/07/12 17:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2000/09/28 23:58:42 | 000,129,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/10/01 10:37:50 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 02:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 02:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 02:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE8HP&PC=DI215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE8HP&PC=DI215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.10
FF - prefs.js..extensions.enabledItems: feedly@devhd:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 11:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 11:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 11:35:12 | 000,000,000 | ---D | M]

[2011/03/09 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Extensions
[2011/11/02 14:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions
[2011/03/10 13:43:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/15 09:31:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/08/29 09:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2011/06/11 13:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd
[2011/08/29 09:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\staged-xpis
[2011/06/11 13:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\5jcuws0m.default\extensions\feedly@devhd\content\app\extension
[2011/11/08 11:26:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 17:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/26 14:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/24 09:34:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/04 14:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011/04/04 14:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/30 11:09:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 14:12:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK - C:\Program Files\WinFax\WFXCTL32.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk - C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk - C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Remote Access.lnk - C:\WINDOWS\Downlo~1\MyWebEx\319\raagtx.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk - C:\Program Files\Intuit\QuickBooks 2005\QBW32.EXE - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Valerie^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\Valerie\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater6 - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BbInstallUser - hkey= - key= - C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe File not found
MsConfig - StartUpReg: BbPrintMonitor - hkey= - key= - C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe File not found
MsConfig - StartUpReg: Carbonite Backup - hkey= - key= - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\Valerie\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: dlcjmon.exe - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
MsConfig - StartUpReg: DWQueuedReporting - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
MsConfig - StartUpReg: Intuit SyncManager - hkey= - key= - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
MsConfig - StartUpReg: JFSW2Launch - hkey= - key= - C:\Documents and Settings\Valerie\Application Data\Transcend\JFSW2\JFSW2Launch.exe ()
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MemoryCardManager - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - StartUpReg: WFXSwtch - hkey= - key= - C:\Program Files\WinFax\WFXSWTCH.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {188D7FBC-A52A-50CB-B301-5D968EF05E48} - Outlook Express
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Adobe
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{b30f4ac7-6308-4419-873e-a36803b2149b} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/18 14:11:59 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 16:29:51 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[6 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 17:20:50 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/10 15:20:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/10 09:02:03 | 000,155,735 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\INVOICE 001.jpg
[2012/07/10 08:02:40 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76D70BD6-ADEF-4772-B82F-52AD730EEB58}.job
[2012/07/09 19:57:51 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 19:53:30 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Principe, Donte and Lisa 2012.doc
[2012/07/09 19:51:44 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Wilm U Bookstore.doc
[2012/07/09 17:56:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/09 16:03:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/07/09 16:03:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/09 16:02:14 | 000,001,099 | ---- | M] () -- C:\WINDOWS\win.ini
[2012/07/09 16:02:06 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure Startup.job
[2012/07/09 16:01:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/07/09 16:01:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/08 11:16:49 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2012/07/06 17:42:56 | 000,501,784 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Vista Performance Data-20GlassTypes.pdf
[2012/07/06 17:40:11 | 000,451,386 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\LLumar Performance Data-21 glass types.pdf
[2012/07/06 17:37:00 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\Microsoft Office Word 2003.lnk
[2012/07/06 17:31:53 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\LETTERHEAD DGT_Commercial.doc
[2012/07/06 17:31:25 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\LETTERHEAD DGT_Commercial.doc
[2012/07/06 13:56:58 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\A'Pizze Tuscan Grill.doc
[2012/07/06 13:54:22 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Giunta, Barbara2.doc
[2012/07/04 19:49:05 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Hannum, Marge.doc
[2012/07/04 19:49:05 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$nnum, Marge.doc
[2012/07/04 19:46:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$ckman, Jon2.doc
[2012/07/02 16:21:50 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Tima, Gordon3.doc
[2012/07/02 16:09:05 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Tima, Gordon2.doc
[2012/07/01 20:07:54 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Valerie\ntuser.dat
[2012/07/01 20:07:46 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Valerie\ntuser.ini
[2012/07/01 20:07:34 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Valerie\Local Settings\Application Data\IconCache.db
[2012/06/29 15:10:24 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Valerie\My Documents\~$ith, Joanne2.doc
[2012/06/28 22:35:28 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\White, Harvey.doc
[2012/06/28 21:51:00 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Prospect Mill Elementary[3].doc
[2012/06/28 16:36:58 | 000,278,708 | ---- | M] () -- C:\Documents and Settings\Valerie\Desktop\VISTA PRODUCT SPECIFICATION[1].pdf
[2012/06/28 16:25:11 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Prospect Mill Elementary[2].doc
[2012/06/27 09:45:38 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Smith, Joanne2.doc
[2012/06/25 19:00:06 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/06/22 11:58:50 | 000,039,493 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\IRSBill of Rights.pdf
[2012/06/20 00:14:29 | 000,505,790 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2012/06/20 00:14:29 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/20 00:14:29 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 15:35:05 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Deluca, John2.doc
[2012/06/18 14:24:52 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Smith, Joanne.doc
[2012/06/18 14:04:43 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\DSI Renal.doc
[2012/06/18 13:48:54 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Prospect Mill Elementary.doc
[2012/06/18 12:11:35 | 001,194,113 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\ENERLOGIC.zip
[2012/06/18 12:11:08 | 001,190,553 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\VISTA INFO VEP35 VEP 70 AND VE 50.pdf
[2012/06/14 20:08:57 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Dover Art League.doc
[2012/06/14 14:51:29 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 21:44:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 21:21:46 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Southridge Clubhouse_Prettyman.doc
[2012/06/13 11:37:08 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Shoop, Debbie2.doc
[2012/06/13 11:07:53 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Mannion, Joe.doc
[2012/06/13 10:28:38 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Air Liquide 1.doc
[2012/06/12 08:50:27 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\American Signature.doc
[2012/06/11 15:40:06 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Rhee, Sue.doc
[2012/06/11 15:30:42 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Dixon, Marci.doc
[2012/06/11 15:09:06 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Tull, Sandy.doc
[2012/06/11 13:36:33 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Thompson, Brooke.doc
[2012/06/11 10:27:59 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Valerie\My Documents\Duymovic, E.doc
[6 C:\Documents and Settings\Valerie\My Documents\*.tmp files -> C:\Documents and Settings\Valerie\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 09:03:04 | 000,155,735 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\INVOICE 001.jpg
[2012/07/09 19:53:29 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Principe, Donte and Lisa 2012.doc
[2012/07/09 19:51:42 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Wilm U Bookstore.doc
[2012/07/06 17:42:56 | 000,501,784 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Vista Performance Data-20GlassTypes.pdf
[2012/07/06 17:40:11 | 000,451,386 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\LLumar Performance Data-21 glass types.pdf
[2012/07/06 17:31:52 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\LETTERHEAD DGT_Commercial.doc
[2012/07/06 17:31:24 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\LETTERHEAD DGT_Commercial.doc
[2012/07/06 13:56:57 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\A'Pizze Tuscan Grill.doc
[2012/07/06 13:42:52 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Giunta, Barbara2.doc
[2012/07/04 19:49:05 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$nnum, Marge.doc
[2012/07/04 19:49:03 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Hannum, Marge.doc
[2012/07/04 19:46:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$ckman, Jon2.doc
[2012/07/02 16:21:49 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Tima, Gordon3.doc
[2012/07/02 16:09:05 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Tima, Gordon2.doc
[2012/06/29 15:10:24 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Valerie\My Documents\~$ith, Joanne2.doc
[2012/06/28 22:35:26 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\White, Harvey.doc
[2012/06/28 21:50:54 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Prospect Mill Elementary[3].doc
[2012/06/28 16:36:57 | 000,278,708 | ---- | C] () -- C:\Documents and Settings\Valerie\Desktop\VISTA PRODUCT SPECIFICATION[1].pdf
[2012/06/28 16:25:10 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Prospect Mill Elementary[2].doc
[2012/06/27 09:45:36 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Smith, Joanne2.doc
[2012/06/25 19:00:06 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/06/25 19:00:05 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/06/22 11:58:50 | 000,039,493 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\IRSBill of Rights.pdf
[2012/06/18 14:33:12 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Deluca, John2.doc
[2012/06/18 14:24:52 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Smith, Joanne.doc
[2012/06/18 14:04:42 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\DSI Renal.doc
[2012/06/18 12:11:34 | 001,194,113 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\ENERLOGIC.zip
[2012/06/18 12:11:07 | 001,190,553 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\VISTA INFO VEP35 VEP 70 AND VE 50.pdf
[2012/06/18 10:50:41 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Prospect Mill Elementary.doc
[2012/06/13 21:21:45 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Southridge Clubhouse_Prettyman.doc
[2012/06/13 11:36:32 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Shoop, Debbie2.doc
[2012/06/13 11:07:52 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Mannion, Joe.doc
[2012/06/13 10:28:37 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Air Liquide 1.doc
[2012/06/11 15:39:19 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Rhee, Sue.doc
[2012/06/11 15:21:49 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Dixon, Marci.doc
[2012/06/11 15:02:36 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Tull, Sandy.doc
[2012/06/11 14:33:07 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\American Signature.doc
[2012/06/11 13:36:32 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Thompson, Brooke.doc
[2012/06/11 10:27:58 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Valerie\My Documents\Duymovic, E.doc
[2012/02/16 03:31:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/19 20:33:06 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/02/16 12:57:24 | 000,000,134 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/19 20:59:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Valerie.ini
[2009/04/21 21:05:26 | 000,000,070 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/04/02 21:02:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/30 15:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2008/04/30 15:17:21 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2008/04/30 15:17:21 | 000,000,378 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2008/04/30 15:17:18 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/04/29 11:40:08 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\dlcjvs.dll
[2008/04/29 11:39:08 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll
[2008/04/29 11:39:08 | 001,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll
[2008/04/29 11:39:08 | 000,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll
[2008/04/29 11:39:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll
[2008/04/29 11:39:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll
[2008/04/29 11:39:07 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll
[2008/04/29 11:39:07 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll
[2008/04/29 11:39:07 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll
[2008/04/29 11:39:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll
[2008/04/29 11:39:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll
[2008/04/29 11:39:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll
[2008/04/29 11:39:04 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll
[2008/04/29 11:39:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll
[2008/04/29 11:39:03 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll
[2008/04/29 11:39:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll
[2008/04/29 11:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll
[2008/04/29 11:39:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/04/18 14:48:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/18 14:47:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/01 12:53:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

Re: Email hacked and now IE running so slow

========== Custom Scans ==========


< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\DcCam.sys
[2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\DcFpoint.sys
[2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\DCFS2k.sys
[2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\DcLps.sys
[2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\DcPtp.sys
[2004/08/04 04:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\drvmcdb.sys
[2004/08/13 03:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\drvnddm.sys
[2007/11/16 11:55:00 | 000,165,496 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\e100b325.sys
[2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ExportIt.sys
[2005/10/14 17:15:18 | 001,302,812 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\IntelC51.sys
[2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\IntelC52.sys
[2004/06/15 23:52:40 | 000,061,157 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\IntelC53.sys
[2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys
[2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys
[2010/10/01 10:37:50 | 000,475,736 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klif.sys
[2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys
[2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys
[2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\MODEMCSA.sys
[2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\mohfilt.sys
[2004/08/12 09:26:42 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ptilink.sys
[2009/05/30 07:28:39 | 000,043,528 | ---- | M] (Sonic Solutions) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pxhelp20.sys
[2009/01/09 16:18:02 | 000,027,136 | R--- | M] (Research in Motion Ltd) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\RimSerial.sys
[2008/04/13 12:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\secdrv.sys
[2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sscdbhk5.sys
[2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\ssrtln.sys
[2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\usbaudio.sys

< %systemroot%\system32\drivers\*.sys /90 >
[2012/05/02 09:46:36 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys

< %systemroot%\System32\config\*.sav >
[2008/04/18 08:24:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/18 08:24:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/18 08:24:46 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2004/08/12 09:19:04 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eventcls.dll
[2008/04/13 20:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll
[2010/10/05 20:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll
[2004/08/12 09:23:50 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll
[2008/04/13 20:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[2008/04/13 20:12:06 | 000,018,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\snmpapi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2008/04/30 12:38:22 | 000,000,000 | ---D | M] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2009/04/02 21:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2011/03/10 09:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/02/22 16:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/10/29 11:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2012/02/22 16:17:41 | 000,000,000 | ---D | M] -- C:\Program Files\Bluebeam Software
[2010/02/12 11:31:05 | 000,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2008/04/30 13:28:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/02/22 16:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/04/18 14:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/11/30 19:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/04/21 11:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/04/03 07:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\DeductionPro 2008
[2008/04/18 14:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/01/25 11:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 964
[2010/02/12 18:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2012/07/10 10:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\Dl_cats
[2011/01/31 21:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google

Re: Email hacked and now IE running so slow

This may seem a little wild, but I got a bad feeling about your system (or I may be a hypochondriac).

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Re: Email hacked and now IE running so slow

OTL.exe;C:\Documents and Settings\Valerie\My Documents\Downloads;Trojan.Siggen2.25631;Incurable.Moved.;

Re: Email hacked and now IE running so slow

Apparently not bad. The system should be fine now.

Have you changed the password on your email account? Has it worked, if so?

Re: Email hacked and now IE running so slow

Yes, I did change the password on email account and it does run great! Thank You! Thank you so much for your help!!!

Re: Email hacked and now IE running so slow

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
