thanks again.
otl results:
OTL logfile created on: 2/16/2012 6:15:29 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\linda keplinger\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.85 Mb Total Physical Memory | 689.77 Mb Available Physical Memory | 67.50% Memory free
2.40 Gb Paging File | 2.19 Gb Available in Paging File | 91.37% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 446.04 Gb Free Space | 95.77% Space Free | Partition Type: NTFS
Computer Name: LINDA | User Name: linda keplinger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/12/30 09:09:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda keplinger\Desktop\OTL malware removal.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/18 05:32:52 | 000,077,824 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe
PRC - [2005/08/18 05:13:48 | 000,122,880 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
PRC - [2005/08/18 05:08:59 | 000,069,632 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe
========== Modules (No Company Name) ========== MOD - [2012/02/16 14:39:07 | 001,706,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021601\algo.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/02/07 13:10:08 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ========== DRV - [2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/31 15:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/14 22:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/04 07:31:31 | 000,000,000 | ---D | M]
[2011/12/29 20:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Extensions
[2012/02/07 13:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions
[2012/02/07 13:09:37 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/02/07 12:06:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/14 16:31:02 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\searchplugins\wot-safe-search.xml
[2012/02/14 22:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/14 22:07:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/14 22:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 22:07:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
O1 HOSTS File: ([2012/02/15 21:35:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80C29E42-F4C8-4A90-999E-C133909C9A64}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/29 18:15:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2012/02/16 18:12:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/15 21:25:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/15 21:23:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/15 21:23:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/15 21:23:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/15 21:23:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/15 21:23:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/15 21:23:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/15 21:23:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Administrative Tools
[2012/02/15 06:35:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\linda keplinger\PrivacIE
[2012/02/14 18:45:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\linda keplinger\IETldCache
[2012/02/14 18:41:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/14 18:40:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/02/14 18:40:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/14 17:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/13 15:25:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 13:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Temp
[2012/02/09 08:05:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/02/07 13:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\adaware
[2012/02/07 13:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/02/07 13:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/02/07 13:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\adawaretb
[2012/02/07 13:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/02/07 13:09:28 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/07 12:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/02/07 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/02/07 12:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/07 12:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\f-secure
[2012/02/07 12:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/02/07 09:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/02/07 07:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/02/07 07:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/02/07 07:10:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/02/04 07:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/04 07:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/04 07:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2012/02/04 07:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/04 07:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/02/04 07:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\HpUpdate
[2012/02/04 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/02/04 07:30:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/02/04 07:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2012/02/04 07:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/04 07:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\HP
[2012/02/01 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/02/01 00:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/01 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/01/31 15:41:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\linda keplinger\UserData
[2012/01/31 15:24:22 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/31 15:24:22 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/31 15:24:22 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/31 15:24:22 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/31 15:24:22 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/31 15:24:22 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/31 15:24:22 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/31 15:24:22 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/31 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012/01/31 15:24:08 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/31 15:24:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
========== Files - Modified Within 30 Days ========== [2012/02/16 18:14:15 | 000,001,408 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2012/02/16 18:14:05 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/16 18:13:35 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 18:13:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/16 18:08:35 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\geeks 3.wps
[2012/02/16 18:07:58 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/16 17:45:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 07:59:28 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/15 22:07:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 21:35:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/15 21:25:24 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/02/15 18:42:14 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/15 18:38:55 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks2.wps
[2012/02/15 15:45:29 | 000,089,874 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 3.pdf
[2012/02/15 15:28:44 | 000,088,257 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 2.pdf
[2012/02/14 18:45:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/14 18:32:11 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to Downloads.lnk
[2012/02/14 17:19:52 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to SecurityCheck.exe.lnk
[2012/02/14 16:36:53 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/14 13:09:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/14 13:09:53 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/13 16:04:57 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to MBRCheck.exe.lnk
[2012/02/12 13:07:57 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to aswMBR.lnk
[2012/02/10 16:50:16 | 000,063,744 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 16:37:18 | 000,111,513 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/09 08:06:00 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/02/07 15:46:40 | 000,000,136 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 14:26:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 13:09:30 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:05:01 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/07 09:05:01 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/07 09:02:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/07 09:00:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/07 07:13:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/04 07:55:30 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/04 07:31:34 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:30:59 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/01 12:26:36 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:12:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/31 15:24:22 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/24 10:41:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
========== Files Created - No Company Name ========== [2012/02/16 18:08:35 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\geeks 3.wps
[2012/02/15 21:25:24 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/02/15 21:25:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/15 21:23:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/15 21:23:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/15 21:23:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/15 21:23:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/15 21:23:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/15 18:38:54 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks2.wps
[2012/02/15 15:45:29 | 000,089,874 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 3.pdf
[2012/02/15 15:28:44 | 000,088,257 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney 2.pdf
[2012/02/15 06:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 06:37:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 18:32:11 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to Downloads.lnk
[2012/02/14 17:19:52 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to SecurityCheck.exe.lnk
[2012/02/13 16:04:57 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to MBRCheck.exe.lnk
[2012/02/12 13:07:57 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to aswMBR.lnk
[2012/02/12 12:44:18 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/11 12:32:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/11 12:32:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/10 16:50:16 | 000,063,744 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 15:08:39 | 000,111,513 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/07 15:46:40 | 000,000,136 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 13:09:39 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/07 13:09:30 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:01:08 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Internet Explorer.lnk
[2012/02/07 09:01:07 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 07:31:34 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:30:59 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/04 07:24:19 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/01 12:26:36 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:14:27 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/01 00:12:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/01 00:12:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/01 15:52:39 | 000,001,408 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2011/12/31 18:15:29 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciinfo.sys
[2011/12/31 18:12:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/30 10:17:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/12/30 10:12:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 19:17:41 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\fusioncache.dat
[2011/12/29 18:18:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 18:12:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/29 11:18:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/29 11:15:38 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/17 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 16:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ========== [2012/02/08 11:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/01/31 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/29 19:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/02/07 12:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/02/10 22:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\adawaretb
[2012/02/07 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\f-secure
[2012/01/01 15:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\Template
[2012/02/15 18:42:14 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ========== < End of report >
disk mgmt:
Volume - C:
File System - NTFS
Status - Healthy
Capacity - 465.75 GB
i really appreciate all your help.