Email hijacked - possibly from this computer - Page 2

Thread: Email hijacked - possibly from this computer

  1. #16
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.


    ================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go to Start > Control Panel > Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\Documents and Settings\Steph\My Documents\*.tmp files -> C:\Documents and Settings\Steph\My Documents\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  2. #17
    Join Date: Jul 2008 | Posts: 30
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
    C:\WINDOWS\Updreg.EXE moved successfully.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SETD4.tmp deleted successfully.
    C:\WINDOWS\System32\SETD8.tmp deleted successfully.
    C:\WINDOWS\Fonts\SET17A.tmp deleted successfully.
    C:\WINDOWS\002212_.tmp deleted successfully.
    C:\Documents and Settings\Steph\My Documents\~WRL3850.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->Flash cache emptied: 83 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 3442361 bytes
    ->Temporary Internet Files folder emptied: 330033739 bytes
    ->Java cache emptied: 40964891 bytes
    ->Flash cache emptied: 402320 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41 bytes

    User: Eric
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 157915 bytes
    ->Java cache emptied: 634116 bytes
    ->Google Chrome cache emptied: 7564598 bytes
    ->Flash cache emptied: 12076 bytes

    User: Jeremy
    ->Temp folder emptied: 207463027 bytes
    ->Temporary Internet Files folder emptied: 122477816 bytes
    ->Java cache emptied: 21392087 bytes
    ->Flash cache emptied: 1157086 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    User: Steph
    ->Temp folder emptied: 9381992 bytes
    ->Temporary Internet Files folder emptied: 26074017 bytes
    ->Java cache emptied: 5779544 bytes
    ->Google Chrome cache emptied: 10111525 bytes
    ->Flash cache emptied: 44081 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 45220 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35374 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 751.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Eric
    ->Flash cache emptied: 0 bytes

    User: Jeremy
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Owner

    User: Steph
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08062010_193158

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\MPSJULUP\show[1]. not found!
    File\Folder C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\WY45K3F0\show[1]. not found!
    File\Folder C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\schedule[1]. not found!
    File\Folder C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\show[1]. not found!
    File\Folder C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\CWGJEVDI\show[1]. not found!
    File\Folder C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\BN5NJDKW\show[1]. not found!
    File\Folder C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\ARUNQXUZ\show[1]. not found!
    File\Folder C:\Documents and Settings\Steph\Local Settings\Temp\~DF1B97.tmp not found!
    File\Folder C:\Documents and Settings\Steph\Local Settings\Temp\~DF1BA9.tmp not found!
    C:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\OU5B7TER\52536f564245774c3863344144586768[4].htm moved successfully.
    C:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\OU5B7TER\iepngfix[1].htc moved successfully.
    C:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\CTD66W30\showthread[2].htm moved successfully.
    C:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6ec.dat not found!
    File\Folder C:\WINDOWS\temp\ZLT0056f.TMP not found!

    Registry entries deleted on Reboot...

  3. #18
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550
    ...and...
    Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  4. #19
    Join Date: Jul 2008 | Posts: 30

    OTL - part 1

    OTL logfile created on: 8/6/2010 7:54:35 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Steph\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 366.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 958 2274 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 27.91 Gb Total Space | 6.81 Gb Free Space | 24.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GEORGE
    Current User Name: Steph
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/06 17:38:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    PRC - [2008/03/29 11:37:13 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2008/03/29 11:37:02 | 000,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2008/03/29 11:36:22 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2008/03/29 11:30:47 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2008/03/29 11:11:18 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/01 15:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM95\aim.exe
    PRC - [2004/12/17 00:38:30 | 001,491,968 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
    PRC - [2004/06/16 04:48:24 | 000,697,624 | ---- | M] (Zone Labs Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2004/06/16 04:47:36 | 000,914,712 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    PRC - [2003/05/30 00:47:06 | 000,069,632 | ---- | M] () -- C:\Program Files\PestPatrol\CookiePatrol.exe
    PRC - [2003/05/15 16:45:54 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
    PRC - [2003/04/19 08:53:08 | 000,148,480 | ---- | M] () -- C:\Program Files\PestPatrol\PPMemCheck.exe
    PRC - [2003/03/26 20:41:10 | 000,053,248 | ---- | M] () -- C:\Program Files\PestPatrol\PPControl.exe
    PRC - [2002/12/03 12:25:26 | 000,212,992 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
    PRC - [2002/04/10 15:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
    PRC - [2002/04/03 00:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    PRC - [2001/08/05 17:55:22 | 000,049,152 | ---- | M] () -- C:\WINDOWS\SYSTEM32\vnxserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/06 17:38:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/03 23:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GS.exe -- (WUSB54GSSVC)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2008/03/29 11:37:02 | 000,144,760 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2008/03/29 11:36:22 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2008/03/29 11:30:47 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2008/03/29 11:11:18 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2004/06/16 04:47:36 | 000,914,712 | ---- | M] (Zone Labs Inc.) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2002/10/10 03:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel(R)
    SRV - [2001/08/05 17:55:22 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\vnxserv.exe -- (VnxService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Steph\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2008/03/29 11:35:49 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2008/03/29 11:35:21 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2008/03/29 11:31:34 | 000,075,856 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2008/03/29 11:29:08 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2008/03/29 11:27:33 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2008/03/29 11:26:52 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2004/08/03 23:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2004/08/03 23:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 23:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2004/08/03 23:04:32 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys -- (USB_RNDIS_XP)
    DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/06/16 04:47:24 | 000,266,328 | ---- | M] (Zone Labs Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
    DRV - [2004/05/26 14:54:02 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/02/25 23:03:32 | 000,059,440 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2003/02/25 23:03:32 | 000,023,724 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2002/10/10 03:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
    DRV - [2002/08/30 15:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2002/07/19 09:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2002/04/10 16:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/04/10 16:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2002/04/10 16:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2002/04/10 15:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2002/04/10 15:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2001/10/11 12:04:26 | 000,148,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\vnxtcp.sys -- (VnxTcp)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)
    DRV - [1999/03/23 21:10:01 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HPFECP20.SYS -- (HPFECP20)

  5. #20
    Join Date: Jul 2008 | Posts: 30
    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"

    FF - HKLM\software\mozilla\Mozilla Firefox 1.0\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2009/08/13 20:59:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 1.0\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2010/08/06 19:08:29 | 000,000,000 | ---D | M]

    [2004/11/18 21:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\p2qr9d98.default\extensions
    [2004/11/18 21:42:21 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Steph\Application Data\Mozilla\Firefox\Profiles\p2qr9d98.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/08/06 19:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/06 19:08:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2004/11/18 21:41:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
    [2004/11/18 21:41:01 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2004/11/07 13:57:00 | 000,041,571 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2004/11/07 13:57:00 | 000,048,221 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2004/11/07 13:57:00 | 000,158,821 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
    [2004/11/07 13:57:00 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
    [2004/11/07 13:57:00 | 000,000,735 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
    [2004/11/07 13:57:00 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
    [2004/11/07 13:57:00 | 000,000,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
    [2004/11/07 13:57:00 | 000,000,557 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dictionary.png
    [2004/11/07 13:57:00 | 000,000,692 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dictionary.src
    [2004/11/07 13:57:00 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
    [2004/11/07 13:57:00 | 000,001,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
    [2004/11/07 13:57:00 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
    [2010/01/08 18:04:46 | 000,000,750 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
    [2004/11/07 13:57:00 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
    [2004/11/07 13:57:00 | 000,001,098 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

    O1 HOSTS File: ([2010/08/06 16:51:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [CookiePatrol] C:\Program Files\PestPatrol\CookiePatrol.exe ()
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe ()
    O4 - HKLM..\Run: [PPMemCheck] C:\Program Files\PestPatrol\PPMemCheck.exe ()
    O4 - HKLM..\Run: [sr1exe] C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe (Dell)
    O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Inc.)
    O4 - HKCU..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/download...2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.dotphoto.com/DPImageUploader.cab (Aurigma Image Uploader 3.5 Control)
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} http://install.wildtangent.com/bgn/p...im/install.cab (WTHoster Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Steph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/06 19:42:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/06 19:31:58 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/06 19:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/06 17:38:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    [2010/08/06 17:29:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/08/06 16:11:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/06 16:05:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/06 16:05:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/06 16:05:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/06 16:05:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/06 16:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/06 16:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/05 18:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steph\Application Data\Malwarebytes
    [2010/08/05 18:13:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/05 18:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/05 18:13:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/05 18:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/07 10:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steph\My Documents\Downloads
    [2010/06/18 13:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\Catan GmbH
    [2010/06/06 15:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2003/02/25 22:47:02 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

  6. #21
    Join Date
    Jul 2008
    Posts
    30
    ========== Files - Modified Within 90 Days ==========

    [2010/08/06 19:48:44 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/08/06 19:48:41 | 000,000,891 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/06 19:46:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/08/06 19:46:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0cb34deaa536.job
    [2010/08/06 19:46:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/06 19:46:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/08/06 19:46:18 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/06 19:45:27 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Steph\NTUSER.DAT
    [2010/08/06 19:45:04 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Steph\NTUSER.INI
    [2010/08/06 19:21:18 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Steph\Desktop\JavaRa.zip
    [2010/08/06 17:38:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steph\Desktop\OTL.exe
    [2010/08/06 16:51:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/06 16:51:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
    [2010/08/06 16:11:17 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2010/08/06 16:01:04 | 003,816,456 | R--- | M] () -- C:\Documents and Settings\Steph\Desktop\ComboFix.exe
    [2010/08/05 18:13:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/31 17:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/27 18:16:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/07/19 22:15:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
    [2010/07/07 10:45:25 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Word.lnk
    [2010/06/23 09:13:16 | 000,488,566 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 09:13:16 | 000,432,796 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/06/23 09:13:16 | 000,067,370 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/06/15 05:38:37 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/14 08:11:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/06 14:54:16 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Steph\Local Settings\Application Data\housecall.guid.cache

    ========== Files Created - No Company Name ==========

    [2010/08/06 19:21:17 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Steph\Desktop\JavaRa.zip
    [2010/08/06 16:11:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/06 16:11:12 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/06 16:05:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/06 16:05:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/06 16:05:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/06 16:05:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/06 16:05:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/06 16:00:57 | 003,816,456 | R--- | C] () -- C:\Documents and Settings\Steph\Desktop\ComboFix.exe
    [2010/08/05 18:13:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/15 10:50:55 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0cb34deaa536.job
    [2010/06/06 14:54:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Steph\Local Settings\Application Data\housecall.guid.cache
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2007/04/14 16:23:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2007/04/14 16:23:31 | 000,000,130 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/04/14 15:34:10 | 000,000,219 | ---- | C] () -- C:\WINDOWS\HPFTBX20.INI
    [2007/04/14 15:34:10 | 000,000,193 | ---- | C] () -- C:\WINDOWS\hpc.ini
    [2007/04/14 12:10:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
    [2007/04/14 12:10:42 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2006/05/29 16:41:22 | 000,000,134 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/06/03 21:59:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2005/06/03 21:59:40 | 000,001,785 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2004/11/09 17:47:36 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2004/03/18 20:31:27 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
    [2004/01/28 17:36:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2004/01/19 20:51:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
    [2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
    [2003/07/27 13:53:54 | 000,000,149 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
    [2003/06/08 18:42:52 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/06/08 15:59:35 | 000,148,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\vnxtcp.sys
    [2003/05/24 09:56:19 | 000,053,889 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
    [2003/03/31 21:01:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2003/03/26 22:00:53 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Epson640.ini
    [2003/03/26 21:39:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
    [2003/03/26 21:39:11 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
    [2003/03/26 17:11:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2003/03/26 17:11:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2003/03/26 17:11:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2003/03/26 16:56:28 | 000,000,427 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2003/02/25 23:05:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/02/25 22:49:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/02/25 22:49:17 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/02/25 22:47:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2003/02/25 22:47:02 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2003/02/25 22:47:02 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2003/02/25 22:47:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2003/02/25 22:47:00 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2003/02/25 22:47:00 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
    [2003/02/25 22:47:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2003/02/25 22:46:01 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2003/02/25 22:42:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/02/25 22:20:40 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
    [2002/01/21 13:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
    [2001/09/19 13:41:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
    [2000/10/23 18:12:34 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\std-2.1-vc5.0-mt.dll
    [1999/03/23 21:10:07 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HPFpcl20.dll
    [1999/03/23 21:10:07 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\HPFcbl20.dll
    [1999/03/23 21:10:06 | 000,209,408 | ---- | C] () -- C:\WINDOWS\System32\HPFwin20.dll
    [1999/03/23 21:10:06 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\HPFnet20.dll
    [1999/03/23 21:10:05 | 001,145,344 | ---- | C] () -- C:\WINDOWS\System32\HPFtrl20.dll
    [1999/03/23 21:10:05 | 000,401,920 | ---- | C] () -- C:\WINDOWS\System32\HPFui20.dll
    [1999/03/23 21:10:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\HPFtst20.dll
    [1999/03/23 21:10:04 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\HPFsrl20.dll
    [1999/03/23 21:10:04 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\HPFrsa20.dll
    [1999/03/23 21:10:04 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\HPFrsu20.dll
    [1999/03/23 21:10:03 | 000,292,352 | ---- | C] () -- C:\WINDOWS\System32\HPFmrl20.dll
    [1999/03/23 21:10:03 | 000,137,232 | ---- | C] () -- C:\WINDOWS\System32\HPFmlc20.dll
    [1999/03/23 21:10:03 | 000,069,284 | ---- | C] () -- C:\WINDOWS\System32\HPFpml20.dll
    [1999/03/23 21:10:03 | 000,057,240 | ---- | C] () -- C:\WINDOWS\System32\HPFmem20.dll
    [1999/03/23 21:10:03 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\HPFmon20.dll
    [1999/03/23 21:10:02 | 001,777,664 | ---- | C] () -- C:\WINDOWS\System32\HPFimg20.dll
    [1999/03/23 21:10:02 | 000,033,384 | ---- | C] () -- C:\WINDOWS\System32\HPFiop20.dll
    [1999/03/23 21:10:01 | 000,052,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\HPFecp20.sys
    [1999/03/23 21:10:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\HPFhrl20.dll
    [1999/03/23 21:10:00 | 000,194,048 | ---- | C] () -- C:\WINDOWS\System32\HPFcps20.dll
    [1999/03/23 21:10:00 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\HPFcnt20.dll
    [1999/03/23 21:10:00 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\HPF24r20.dll
    [1999/03/23 21:10:00 | 000,072,368 | ---- | C] () -- C:\WINDOWS\System32\HPFcom20.dll
    [1999/03/23 21:07:53 | 000,004,715 | ---- | C] () -- C:\WINDOWS\System32\HPFlnk20.ini
    [1999/03/23 21:07:22 | 000,048,292 | ---- | C] () -- C:\WINDOWS\System32\HPFlpm20.dll

    ========== LOP Check ==========

    [2008/08/29 08:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2006/12/31 18:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2007/04/14 16:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2008/08/28 20:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/08/06 19:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/08/13 21:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/08/28 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
    [2008/08/28 20:42:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F7498CBA-F30B-4739-8CF3-167AF0872B2E}
    [2005/09/28 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Aim
    [2003/07/27 13:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\ChessBase
    [2010/04/21 18:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Image Zone Express
    [2003/04/13 16:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\InterTrust
    [2006/02/20 20:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Leadertech
    [2005/08/31 16:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Musicmatch
    [2007/04/14 16:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\pdf995
    [2010/04/21 18:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Printer Info Cache
    [2008/02/20 23:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Uniblue
    [2007/01/17 23:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\Viewpoint
    [2010/03/09 22:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steph\Application Data\VirtualStore
    [2003/03/25 22:19:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
    [2010/07/19 22:15:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    [2008/02/20 23:15:25 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job

    ========== Purity Check ==========


    < End of report >

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Very good

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  8. #23
    Join Date
    Jul 2008
    Posts
    30

    Step 1 complete

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Antivirus
    McAfee.com SecurityCenter
    ZoneAlarm
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 7.1.0
    Out of date Adobe Reader installed!
    Mozilla Firefox (1.0.) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast4 aswUpdSv.exe
    Alwil Software Avast4 ashServ.exe
    Alwil Software Avast4 ashDisp.exe
    Alwil Software Avast4 ashMaiSv.exe
    Alwil Software Avast4 ashWebSv.exe
    PestPatrol PPControl.exe
    PESTPA~1 CookiePatrol.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    When Kaspersky finishes and your computer is clean, it'll be time to apply SP3.

    Mozilla Firefox (1.0.) Firefox Out of Date!
    Do you use Firefox at all? If not, uninstall it, or install the latest version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

  10. #25
    Join Date
    Jul 2008
    Posts
    30
    The Kaspersky scan found no threats. Yay!!

    I installed SP3.
    I upgraded Firefox.
    I uninstalled Adobe Reader with the intention of installing Foxit. I found it really annoying that you had to accept the Babylon installation, toolbar, and homepage setting to get to the install. I accepted (figuring I could turn that off after -- or uninstall, but my husband is into languages, so I thought he might like it). It got through the Babylon install, but then Avast identified the Win32elf-NEM in the PrinterSetup.exe, so I couldn't complete the install. Should I disable Avast, and try again? Is that appropriate?

  11. #26
    Join Date
    Jul 2008
    Posts
    30
    That should read Win32<colon>Delf-NEM

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    You simply didn't pay attention to my previous post:
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    You don't want to install anything else, but just Foxit Reader.

    In any case...

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ===============================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.

  13. #28
    Join Date
    Jul 2008
    Posts
    30
    It's been a tough week. Just getting back to this project, which appears about done.

    Really, though -- I had to agree to Babylon in order to get to the install of the reader -- there was no way to unselect it. I tried a 3rd time today, and Avast complained about a malware "dropper" in the downloaded exe, so unfortunately, I thought it best to go with Adobe.

    Did all your suggested things, and I think I'll sleep better at night now. Thanks for all your help -- you are awesome!

    One last thing. The hard drive is still unplugged, and I have to scan that. Should I just plug it back in, and check with Avast, or do you suggest another scan program?

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Scanning with Avast will be fine.
    Assuming this is a USB external drive....
    I want your main drive to be safe, so...

    Download, and run Flash Disinfector, and save it to your desktop.

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.

    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
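
The note above says a folder named autorun.inf in a drive root keeps an autorun file from being placed there. As an added example (not part of the original post and not Flash_Disinfector's code), this Python audit reports whether a drive root has no autorun.inf, the protective folder, or a real file, and for a file lists the entries that name something to run. The function names and the sample file contents are constructed for illustration.

```python
"""Audit a drive root for autorun.inf (added example; names are illustrative)."""
import os
import tempfile

# Keys in the [autorun] section that name something Windows would execute.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample: junk padding, mixed case, and a context-menu verb.
SAMPLE = (
    "junk line before any section\n"
    "[AutoRun]\n"
    ";padding comment\n"
    "Open=setup\\example.exe\n"
    "icon=folder.ico\n"
    "shell\\explore\\command = setup\\example.exe\n"
    "label=My Drive\n"
)


def parse_autorun(text):
    """Return [(key, command)] for executable entries in the [autorun] section.

    Hand-rolled and tolerant on purpose: a padded or malformed autorun.inf
    would make a strict INI parser raise instead of reporting the entries.
    """
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu verb that runs a program.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in EXEC_KEYS or is_verb) and value:
            found.append((key, value))
    return found


def find_entry(root):
    """Locate autorun.inf in root regardless of case (Windows ignores case)."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def audit_root(root):
    """Classify a drive root as 'absent', 'folder' or 'file' (with commands)."""
    path = find_entry(root)
    if path is None:
        return {"state": "absent", "commands": []}
    if os.path.isdir(path):
        # The state the note describes: a folder already occupies the name.
        return {"state": "folder", "commands": []}
    with open(path, "rb") as fh:
        data = fh.read(64 * 1024)  # real files are tiny; cap the read
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    return {"state": "file", "commands": parse_autorun(text)}


def demo():
    """Build three throwaway 'drive roots' and audit each one."""
    results = {}
    labels = ("clean", "vaccinated", "suspect")
    with tempfile.TemporaryDirectory() as base:
        for label in labels:
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "vaccinated", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        for label in labels:
            results[label] = audit_root(os.path.join(base, label))
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Point `audit_root` at the root of the external drive (for example `E:\`) after plugging it in with Shift held down, as the post instructs.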

  15. #30
    Join Date
    Jul 2008
    Posts
    30
    Everything looks good. No infected files found on external drive. Thanks again for your help.
