Browser Search captured by Qbyrd/IAC Search & Media [Closed]



#1
ldavid

When I search for links in IE, Firefox or Chrome (appears all three are using google search), the answer screen reads at the bottom "IAC Search and Media" and includes only Sponsored links. I think this is Qbyrd. I can't get rid of it.

OTL logfile created on: 2/14/2012 7:27:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Larry Stanford\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 77.02% Memory free
4.82 Gb Paging File | 4.16 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 5.02 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 101.18 Gb Free Space | 67.88% Space Free | Partition Type: NTFS

Computer Name: HOME-OFFICE-PC | User Name: Larry Stanford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 19:24:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry Stanford\My Documents\Downloads\OTL.exe
PRC - [2012/01/27 00:49:32 | 001,048,560 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/10/28 06:38:50 | 000,039,272 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\waol.exe
PRC - [2009/10/28 06:38:49 | 000,054,632 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\shellmon.exe
PRC - [2009/07/20 11:52:23 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1258429684\ee\aolsoftware.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/08/21 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/21 04:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/14 08:15:44 | 001,692,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021401\algo.dll
MOD - [2012/02/14 02:09:56 | 001,692,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021400\algo.dll
MOD - [2012/01/27 00:49:31 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppgooglenaclpluginchrome.dll
MOD - [2012/01/27 00:49:29 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
MOD - [2012/01/27 00:48:06 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avutil-51.dll
MOD - [2012/01/27 00:48:05 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avformat-53.dll
MOD - [2012/01/27 00:48:03 | 001,746,944 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\avcodec-53.dll
MOD - [2012/01/26 21:41:13 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
MOD - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
MOD - [2009/10/28 10:38:50 | 000,118,784 | ---- | M] () -- c:\Program Files\Common Files\aol\1258429684\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll
MOD - [2009/10/28 06:38:50 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.5\xmltok.dll
MOD - [2009/10/28 06:38:50 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.5\xmlparse.dll
MOD - [2009/10/28 06:38:50 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.5\zlib.dll
MOD - [2009/10/28 06:38:42 | 000,090,112 | ---- | M] () -- C:\Program Files\AOL 9.5\components\Tier2Svc.dll
MOD - [2009/10/28 06:38:42 | 000,061,440 | ---- | M] () -- C:\Program Files\AOL 9.5\components\DataSvcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 07:27:57 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () [Auto | Running] -- C:\Program Files\InstallBrainService\InstallBrainService.exe -- (InstallBrainService)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2008/08/21 04:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/01/31 07:28:20 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/07/14 06:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2000/06/01 11:13:30 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com"
FF - prefs.js..keyword.URL: "http://dts.search-re...emid=2&sr=0&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/05 20:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/09 09:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions
[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions\[email protected]
[2012/02/11 16:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions
[2012/02/11 09:41:56 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/02/11 16:04:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/11 09:32:27 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/02/11 09:41:16 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\searchplugins\Search_Results.xml
[2012/02/09 09:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/09 09:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/02/09 09:05:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/11 09:41:16 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2011/08/27 02:23:56 | 000,437,090 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15040 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260325916326 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67E3C04D-E519-41D0-8CAA-BD01D2F9ED8E}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD74933-1A84-4764-819D-FAF432F060FA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 10:24:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 11:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Google Chrome
[2012/02/13 22:41:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry Stanford\Recent
[2012/02/11 12:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/11 09:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2012/02/11 09:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\23222
[2012/02/11 09:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/02/11 09:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\iMesh
[2012/02/11 09:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iMesh
[2012/02/11 09:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2012/02/11 09:39:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
[2012/02/11 09:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/02/11 09:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Conduit
[2012/02/11 09:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2012/02/05 12:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Microsoft Office
[2012/01/30 11:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\AVG
[2012/01/30 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/01/26 16:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 19:01:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/14 18:54:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/14 18:44:02 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/14 16:05:18 | 000,000,178 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2012/02/14 15:44:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/14 12:45:36 | 000,012,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/14 12:43:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/14 12:43:35 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/14 12:39:49 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/02/14 11:54:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/14 11:50:26 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/14 11:50:26 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/14 06:00:44 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/13 23:00:16 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/02/11 12:18:26 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/11 12:18:10 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/11 09:40:22 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2012/02/11 09:40:22 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\iMesh.lnk
[2012/02/09 09:05:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/09 09:05:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/05 09:08:50 | 000,359,049 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:32:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:32:26 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/31 07:28:24 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/30 06:47:06 | 007,030,167 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk
[2012/01/21 13:00:06 | 000,081,179 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\image002.zip
[2012/01/21 12:56:05 | 000,037,073 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\MailAttachment.zip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 11:50:26 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/14 11:50:26 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/14 11:49:33 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/14 11:49:33 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/11 12:18:26 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/11 12:18:10 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/11 09:40:22 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[2012/02/11 09:40:22 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\iMesh.lnk
[2012/02/05 09:08:47 | 000,359,049 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:29:22 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:29:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/30 12:06:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/30 12:06:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/30 12:06:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/30 06:46:39 | 007,030,167 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk
[2012/01/21 13:00:06 | 000,081,179 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\image002.zip
[2012/01/21 12:56:04 | 000,037,073 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\MailAttachment.zip
[2011/12/02 22:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2011/03/28 19:48:58 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2011/02/09 21:00:04 | 000,466,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/08 18:45:30 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2010/03/04 23:10:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/03 17:43:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 03:29:02 | 000,006,818 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/06 11:35:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/12/02 13:27:49 | 000,000,178 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/12/01 10:46:43 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/27 13:51:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/24 08:20:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/11/20 19:58:37 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2009/11/16 19:45:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/03/04 10:26:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/04 10:22:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/04 09:36:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 08:13:07 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2009/03/04 08:12:59 | 000,480,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/04 08:12:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/03/04 08:12:59 | 000,085,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/04 08:12:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/03/04 08:12:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/04 08:12:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/03/04 08:12:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/03/04 08:12:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/03/04 08:12:58 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/03/04 08:12:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/03/04 08:12:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/03/04 08:12:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/03/04 02:19:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/04 02:18:20 | 000,257,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/17 10:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2002/09/17 16:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2000/02/23 22:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2000/01/10 08:34:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\MSPUNIN.EXE
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/09/12 16:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== LOP Check ==========

[2011/12/03 21:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1261
[2011/12/03 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1F157
[2012/02/11 09:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\23222
[2009/11/24 07:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/02/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/06/28 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/11 12:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/08/21 07:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/02/11 09:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2011/02/09 21:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/01/09 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/02/01 07:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/01/31 07:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/16 19:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/02/11 09:42:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
[2010/12/04 10:54:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2009/11/24 07:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ACD Systems
[2012/01/30 11:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\AVG
[2012/02/11 16:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2009/11/22 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Blitware
[2009/12/01 19:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/16 20:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.w3i.musicoasis
[2009/12/03 21:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\DeepBurner Pro
[2010/01/09 12:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Downloaded Installations
[2011/02/21 09:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ElevatedDiagnostics
[2011/10/02 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\FrostWire
[2010/03/17 21:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\GlarySoft
[2009/12/02 12:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\InfraRecorder
[2010/11/16 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\LimeWire
[2012/02/11 12:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2011/12/09 20:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nitro PDF
[2010/01/05 20:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nuance
[2011/12/15 06:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\PerformerSoft
[2011/12/06 08:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\SoftGrid Client
[2010/01/05 08:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Softland
[2010/04/23 06:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TechSmith
[2011/08/06 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TP
[2011/12/03 21:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincorebsband
[2011/12/05 06:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincoreimband
[2012/02/14 19:01:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 2/14/2012 7:27:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Larry Stanford\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 77.02% Memory free
4.82 Gb Paging File | 4.16 Gb Available in Paging File | 86.19% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 5.02 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 101.18 Gb Free Space | 67.88% Space Free | Partition Type: NTFS

Computer Name: HOME-OFFICE-PC | User Name: Larry Stanford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\aol\1258429684\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1258429684\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{118792B0-F470-11D3-86A9-00C04F6E09F2}" = Microsoft Project 2000
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B1DB2FA-9E05-3494-B7CE-16F3236CAE3F}" = Acrobat.com
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{2FA6BA68-FDF6-4bd9-81EE-079855E89989}_is1" = DART CD-Recorder 4
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47FBE890-FBEA-4FB4-BAB1-718E842B7425}" = ACDZip
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59FCBBA8-051C-4F56-8FBF-D45AE8080863}" = Complete CD Maker
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5D17D8A0-5DA5-4F8F-8F25-3D5CDAFA1E71}" = Nitro PDF Professional
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8D215E1-A83B-4469-9270-6730D1CAC824}" = Nero BackItUp and Burn 1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"hp deskjet 940c series" = hp deskjet 940c series (Remove only)
"hp deskjet 940c series_Driver" = hp deskjet 940c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iMesh" = iMesh
"InstallBrain Updater Service" = InstallBrain Updater Service
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"Liberty for DOS 4.0" = Liberty for DOS 4.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Excel Version 2002 Inside Out eBook" = Microsoft Excel Version 2002 Inside Out eBook
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Pilot Desktop" = Palm Desktop and HotSync Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2012 8:01:53 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 8:01:53 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 8:41:05 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 8:41:05 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 9:34:53 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 9:34:53 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 10:39:05 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 10:39:05 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 11:09:53 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 2/14/2012 11:09:53 PM | Computer Name = HOME-OFFICE-PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 1/23/2012 1:38:24 PM | Computer Name = HOME-OFFICE-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/25/2012 8:20:15 PM | Computer Name = HOME-OFFICE-PC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 2/11/2012 2:40:47 PM | Computer Name = HOME-OFFICE-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/11/2012 2:40:47 PM | Computer Name = HOME-OFFICE-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 2/13/2012 9:41:19 PM | Computer Name = HOME-OFFICE-PC | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf812511, parameter3
a57bb28c, parameter4 00000000.

Error - 2/13/2012 9:41:20 PM | Computer Name = HOME-OFFICE-PC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 2/14/2012 4:40:24 PM | Computer Name = HOME-OFFICE-PC | Source = Service Control Manager | ID = 7031
Description = The SQL Server Browser service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/14/2012 4:44:28 PM | Computer Name = HOME-OFFICE-PC | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Snagit 9 share name Printer.

Error - 2/14/2012 4:44:41 PM | Computer Name = HOME-OFFICE-PC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 2/14/2012 5:47:10 PM | Computer Name = HOME-OFFICE-PC | Source = Service Control Manager | ID = 7031
Description = The SQL Server Browser service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >



#2
ldavid

    Member

  • Topic Starter
  • 15 posts
2/15/12 -- Apparently, there is malware in my computer that, once a search is initiated in the Google page, if it includes keywords found in any of Ask.com's sponsored links, then ask.com captures the query, returning their sponsored links and saying "no web content found".
  • 0

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, ldavid! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for ldavid only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your logs and I will post back soon.
  • 0

#4
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Hi Ned,

Thanks for the attention. Since I made the first entry, I've been able to remove qbyrd from my computer, made Google my search choice in all three browsers, to no avail. Not all searches, but many, will end up with a results screen from www.search-results with the below at the bottom: copyright symbol followed by "2012 IAC Search & Media". Most of those searches will have only a few "Sponsored Results", and little or no Web Results. Sometimes, I get the normal Google search results page. It appears some malware is capturing my search somehow.
  • 0

#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Whilst I am reviewing your logs, please do the following:


Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.


On completion of the scan click save log, save it to your desktop and post it in your next reply.

  • 0

#6
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Here's the log from the aswmbr scan. Windows says it can't open the .dat file. Spybot killed the download of a free windows file opener. Application won't let me upload the mbr.dat file.
Sorry. Here's the text file:


aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-18 17:10:49
-----------------------------
17:10:49.750 OS Version: Windows 5.1.2600 Service Pack 3
17:10:49.750 Number of processors: 1 586 0x403
17:10:49.750 ComputerName: HOME-OFFICE-PC UserName: Larry Stanford
17:10:50.906 Initialize success
17:10:51.171 AVAST engine defs: 12021801
17:11:52.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
17:11:52.937 Disk 0 Vendor: WDC_WD400BD-60LRA0 07.01D07 Size: 38166MB BusType: 3
17:11:52.968 Disk 0 MBR read successfully
17:11:52.968 Disk 0 MBR scan
17:11:52.968 Disk 0 Windows XP default MBR code
17:11:52.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
17:11:52.968 Disk 0 scanning sectors +78156225
17:11:53.031 Disk 0 scanning C:\WINDOWS\system32\drivers
17:12:01.078 Service scanning
17:12:20.343 Modules scanning
17:12:45.437 Disk 0 trace - called modules:
17:12:45.453 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:12:45.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4c5ab8]
17:12:45.453 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a4c8d98]
17:12:45.906 AVAST engine scan C:\WINDOWS
17:12:50.140 AVAST engine scan C:\WINDOWS\system32
17:14:25.359 AVAST engine scan C:\WINDOWS\system32\drivers
17:14:38.875 AVAST engine scan C:\Documents and Settings\Larry Stanford
17:19:12.906 AVAST engine scan C:\Documents and Settings\All Users
17:23:07.109 Scan finished successfully
17:23:49.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Larry Stanford\Desktop\MBR.dat"
17:23:49.593 The log file has been saved successfully to "C:\Documents and Settings\Larry Stanford\Desktop\aswMBR.txt"
  • 0

#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Drive C: | 37.27 Gb Total Space | 5.02 Gb Free Space | 13.47% Space Free | Partition Type: NTFS

To ensure our tools run properly, the minimum free disk space required is 15%. I advise that you free some space up on drive C by uninstalling unwanted programs and deleting any personal files you don't want.


Step 1

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.

Step 2

You have some remnants of AVG on your system.

Download the AVG Removal Tool to your desktop.

Run the tool to remove AVG.

After this, please restart your computer.


Step 3

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • Ask Toolbar
  • Viewpoint Media Player

Viewpoint is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product but it is your choice.
This may change; read "Viewpoint to Plunge Into Adware".



Step 4

If you have Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    [2012/02/11 09:32:27 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2012/02/11 09:41:16 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\searchplugins\Search_Results.xml
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
    [2012/02/11 09:41:16 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    CHR - default_search_provider: Search Results (Enabled)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    [2012/02/11 09:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\23222
    [2012/02/11 09:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2012/02/11 09:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/02/11 09:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Conduit
    [2012/01/30 11:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\AVG
    [2012/02/14 19:01:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/12/03 21:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1261
    [2011/12/03 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1F157
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

  • 0
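
One way to check whether a fix script like the one in the post above took effect, as an added example that is not part of the original posts or of OTL itself: it compares each `:OTL` target against a later scan and classifies it as gone, changed or persisted. The sample lines are excerpts copied from this thread's fix script and its Run 2 scan; the function names and the three status labels are this example's own.

```python
import re

# Excerpt of the fix script from post #7 (lines copied from the thread).
FIX_SCRIPT = r'''
:OTL
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
[2012/02/11 09:32:27 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
CHR - default_search_provider: Search Results (Enabled)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
[2012/02/11 09:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

:Commands
[emptytemp]
'''

# Excerpt of the Run 2 scan posted after the fix (lines copied from the thread).
RESCAN = r'''
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
'''

PREF_RE = re.compile(r'^(FF - prefs\.js\.\.[\w.]+):\s*(.*)$')
CHR_RE = re.compile(r'^(CHR - default_search_provider):\s*(.*)$')
REG_RE = re.compile(r'^(O\d+ - .*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$')
FILE_RE = re.compile(r'^(File not found|\[[^\]]*\]|\(\)).*? -- ([A-Za-z]:\\.+)$')


def parse_entry(line):
    """Reduce one OTL log line to (key, value), or None if unrecognised."""
    line = line.strip()
    m = PREF_RE.match(line)
    if m:
        return m.group(1), m.group(2)
    m = CHR_RE.match(line)
    if m:
        # "name = value" sub-settings get their own key so they do not
        # overwrite the provider name line.
        sub = re.match(r'^(\w+) =\s*(.*)$', m.group(2))
        if sub:
            return f'{m.group(1)}.{sub.group(1)}', sub.group(2)
        return m.group(1), m.group(2)
    m = REG_RE.match(line)
    if m:
        return f'{m.group(1)} {m.group(2).upper()}', m.group(3)
    m = FILE_RE.match(line)
    if m:
        # OTL prints paths in differing case, so compare case-insensitively.
        state = 'File not found' if m.group(1) == 'File not found' else 'present'
        return 'FILE ' + m.group(2).lower(), state
    return None


def fix_targets(script):
    """Yield the non-blank lines of the :OTL section only."""
    in_otl = False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(':'):
            in_otl = line.upper() == ':OTL'
            continue
        if in_otl and line:
            yield line


def compare(fix_script, rescan_log):
    """Map each fix target key to (status, value_before, value_after)."""
    after = dict(e for e in map(parse_entry, rescan_log.splitlines()) if e)
    report = {}
    for line in fix_targets(fix_script):
        entry = parse_entry(line)
        if entry is None:
            continue
        key, before = entry
        if key not in after or after[key] == 'File not found':
            status = 'gone'
        elif after[key] == before:
            status = 'persisted'
        else:
            status = 'changed'
        report[key] = (status, before, after.get(key))
    return report


def by_status(report, status):
    return sorted(k for k, (s, _, _) in report.items() if s == status)


if __name__ == '__main__':
    for key, (status, before, now) in compare(FIX_SCRIPT, RESCAN).items():
        print(f'{status:9} {key}  [{before} -> {now}]')
```

On these excerpts the Chrome default search provider and the `.XPI` extension file come back as persisted, which is what the Run 2 log shows for both.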

#8
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Ned,

Did all the things you asked. Don't know how to find the OTL fix log. Below is the OTL.txt from today:
Thanks a lot. I'll get back on here in a bit.

Larry

OTL logfile created on: 2/19/2012 11:34:27 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Larry Stanford\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 85.76% Memory free
4.82 Gb Paging File | 4.49 Gb Available in Paging File | 93.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 4.65 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 101.18 Gb Free Space | 67.88% Space Free | Partition Type: NTFS

Computer Name: HOME-OFFICE-PC | User Name: Larry Stanford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/14 19:24:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry Stanford\My Documents\Downloads\OTL.exe
PRC - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/10/28 06:38:50 | 000,039,272 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\waol.exe
PRC - [2009/10/28 06:38:49 | 000,054,632 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\shellmon.exe
PRC - [2009/07/20 11:52:23 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1258429684\ee\aolsoftware.exe
PRC - [2008/08/21 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 22:33:56 | 001,712,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021900\algo.dll
MOD - [2012/02/14 21:03:36 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/14 21:03:34 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/14 21:02:10 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/14 21:02:08 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/14 21:02:07 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
MOD - [2009/12/16 10:11:56 | 000,115,008 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll
MOD - [2009/10/28 06:38:50 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.5\xmltok.dll
MOD - [2009/10/28 06:38:50 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.5\xmlparse.dll
MOD - [2009/10/28 06:38:50 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.5\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 07:27:57 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () [Auto | Running] -- C:\Program Files\InstallBrainService\InstallBrainService.exe -- (InstallBrainService)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2008/08/21 04:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/01/31 07:28:20 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/07/14 06:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2000/06/01 11:13:30 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com"
FF - prefs.js..keyword.URL: "http://www.google.com/search?q= "

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/05 20:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/09 09:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions
[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions\[email protected]
[2012/02/19 11:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions
[2012/02/11 09:41:56 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/02/11 16:04:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/09 09:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/09 09:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/02/09 09:05:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2012/02/19 11:21:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL, LLC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O15 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260325916326 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD74933-1A84-4764-819D-FAF432F060FA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 10:24:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 11:21:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/19 08:59:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry Stanford\Recent
[2012/02/18 12:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\Malwarebytes
[2012/02/18 12:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/18 09:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Desktop\New Folder (2)
[2012/02/18 09:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Desktop\New Folder
[2012/02/16 18:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\DriverCure
[2012/02/16 18:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\SpeedMaxPc
[2012/02/16 18:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/02/14 11:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Google Chrome
[2012/02/11 12:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/11 09:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2012/02/11 09:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2012/02/05 12:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Microsoft Office
[2012/01/30 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/01/26 16:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/02/19 11:24:04 | 000,012,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/19 11:23:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/19 11:21:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/19 08:54:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/19 08:44:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/19 06:00:51 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/18 23:00:03 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/02/18 17:23:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\MBR.dat
[2012/02/18 15:44:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 15:39:14 | 000,000,178 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2012/02/18 11:54:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/17 03:22:48 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/17 03:22:48 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 06:04:58 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 03:23:11 | 000,480,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 03:23:11 | 000,085,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 12:21:20 | 000,004,897 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Resize of Presentation1.jpg
[2012/02/15 12:19:27 | 000,010,297 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Presentation1.jpg
[2012/02/14 20:37:44 | 003,246,230 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Entabulator.wmv
[2012/02/14 12:39:49 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/02/11 12:18:26 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/11 12:18:10 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/09 09:05:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/09 09:05:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/05 09:08:50 | 000,359,049 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:32:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:32:26 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/31 07:28:24 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/30 06:47:06 | 007,030,167 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk

========== Files Created - No Company Name ==========

[2012/02/18 17:23:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\MBR.dat
[2012/02/15 12:21:20 | 000,004,897 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Resize of Presentation1.jpg
[2012/02/15 12:19:24 | 000,010,297 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Presentation1.jpg
[2012/02/15 05:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 05:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 20:37:31 | 003,246,230 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Entabulator.wmv
[2012/02/14 11:50:26 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/14 11:50:26 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/14 11:49:33 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/14 11:49:33 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/11 12:18:26 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/11 12:18:10 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/05 09:08:47 | 000,359,049 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:29:22 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:29:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/30 12:06:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/30 12:06:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/30 12:06:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/30 06:46:39 | 007,030,167 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk
[2011/12/02 22:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2011/03/28 19:48:58 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2011/02/09 21:00:04 | 000,466,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/08 18:45:30 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2010/03/04 23:10:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/03 17:43:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 03:29:02 | 000,006,818 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/06 11:35:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/12/02 13:27:49 | 000,000,178 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/12/01 10:46:43 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/27 13:51:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/24 08:20:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/11/20 19:58:37 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2009/11/16 19:45:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/03/04 10:26:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/04 10:22:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/04 09:36:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 08:13:07 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2009/03/04 08:12:59 | 000,480,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/04 08:12:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/03/04 08:12:59 | 000,085,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/04 08:12:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/03/04 08:12:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/04 08:12:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/03/04 08:12:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/03/04 08:12:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/03/04 08:12:58 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/03/04 08:12:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/03/04 08:12:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/03/04 08:12:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/03/04 02:19:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/04 02:18:20 | 000,257,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/17 10:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2002/09/17 16:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2000/02/23 22:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2000/01/10 08:34:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\MSPUNIN.EXE
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/09/12 16:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== LOP Check ==========

[2009/11/24 07:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/02/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/06/28 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/21 07:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/09 21:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/01/09 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/02/16 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2010/02/01 07:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/01/31 07:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/04 10:54:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2009/11/24 07:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ACD Systems
[2012/02/11 16:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2009/11/22 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Blitware
[2009/12/01 19:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/16 20:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.w3i.musicoasis
[2009/12/03 21:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\DeepBurner Pro
[2010/01/09 12:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Downloaded Installations
[2012/02/16 18:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\DriverCure
[2011/02/21 09:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ElevatedDiagnostics
[2011/10/02 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\FrostWire
[2010/03/17 21:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\GlarySoft
[2009/12/02 12:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\InfraRecorder
[2010/11/16 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\LimeWire
[2012/02/11 12:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2011/12/09 20:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nitro PDF
[2010/01/05 20:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nuance
[2011/12/15 06:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\PerformerSoft
[2011/12/06 08:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\SoftGrid Client
[2010/01/05 08:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Softland
[2012/02/16 18:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\SpeedMaxPc
[2010/04/23 06:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TechSmith
[2011/08/06 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TP
[2011/12/03 21:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincorebsband
[2011/12/05 06:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincoreimband
[2010/01/05 08:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
  • 0

#9
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Here's the scan log. Found it open on my desktop.

All processes killed
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\searchplugins\Search_Results.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
C:\Documents and Settings\All Users\Application Data\23222 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess\408BB4F3FCE8CC01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Conduit folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\AVG\Track Eraser folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\AVG\PC Tuneup 2011 folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\AVG\BoostSpeed folder moved successfully.
C:\Documents and Settings\Larry Stanford\Application Data\AVG folder moved successfully.
File C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
C:\Documents and Settings\All Users\Application Data\1261 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\1F157 folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Larry Stanford\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Larry Stanford\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 61 bytes
->Temporary Internet Files folder emptied: 114822 bytes
->Flash cache emptied: 33 bytes

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114822 bytes
->Flash cache emptied: 0 bytes

User: Larry Stanford
->Temp folder emptied: 1091043 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51315391 bytes
->Google Chrome cache emptied: 7866086 bytes
->Flash cache emptied: 4229 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 557056 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Test
->Temp folder emptied: 3715 bytes
->Temporary Internet Files folder emptied: 820084 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 277731325 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 290275425 bytes

Total Files Cleaned = 601.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 02192012_112153

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Larry
  • 0
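Added example, not part of the original thread and not OldTimer's code: a Python triage of an OTL fix log like the one in post #9, sorting each result line by outcome so that items the fix did not complete stand out. The sample is a subset of lines copied from that log; the outcome names and the reading of "not found" as "target already absent" are assumptions of this example.

```python
import re
from collections import defaultdict

# Subset of lines copied from the OTL fix log posted above.
SAMPLE_FIX_LOG = r"""All processes killed
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Program Files\Conduit folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# "========== NAME ==========" section banners.
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Ordered rules: the first match wins. Outcome labels are this example's own.
RULES = [
    # The tool reported it could not apply a fix line at all.
    ("failed", re.compile(r"^Unable to fix (?P<target>.+?)\.?$")),
    # File was locked; removal only completes after the next reboot.
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    # Assumption: "not found" means the target was already absent.
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File )?(?P<target>.+) not found\.$")),
    ("done", re.compile(
        r"^(?P<target>.+?) (?:folder )?(?:moved|deleted|reset) successfully\.?$")),
    ("done", re.compile(r"^Prefs\.js: (?P<target>.+) removed from .+$")),
]


def triage(log_text):
    """Return {outcome: [(section, target), ...]} for every non-blank log line."""
    section = "(preamble)"
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        for outcome, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                buckets[outcome].append((section, hit.group("target")))
                break
        else:
            # Status text that reports no per-item result.
            buckets["info"].append((section, line))
    return dict(buckets)


def follow_up(log_text):
    """Items the fix did not complete: outright failures, then reboot-pending moves."""
    buckets = triage(log_text)
    return buckets.get("failed", []) + buckets.get("pending_reboot", [])


if __name__ == "__main__":
    results = triage(SAMPLE_FIX_LOG)
    for outcome in ("done", "not_found", "pending_reboot", "failed"):
        print(f"{outcome:15} {len(results.get(outcome, []))}")
    print("\nNeeds follow-up:")
    for section, target in follow_up(SAMPLE_FIX_LOG):
        print(f"  [{section}] {target}")
```

On this sample the only outright failure is the `default_search_provider` line, which is the Chrome search setting named in the custom fix script.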

#10
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

If you have Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
    
    :Files
    C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt

  • 0


#11
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Ned,

As far as performance is concerned, the PC is working fine. Google search is working fine on IE, i.e. the search results come up on a Google page. However, Firefox and Chrome still give results in someone else's page (ask.com I guess), with the below at the bottom of the page "© 2012 IAC Search & Media". Here are the various other logs. Looks like none of them found any malware:

OTL_3.txt (post operations)
OTL logfile created on: 2/20/2012 4:12:06 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Larry Stanford\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.95% Memory free
4.82 Gb Paging File | 4.51 Gb Available in Paging File | 93.43% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 5.07 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 101.18 Gb Free Space | 67.88% Space Free | Partition Type: NTFS

Computer Name: HOME-OFFICE-PC | User Name: Larry Stanford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/14 19:24:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry Stanford\My Documents\Downloads\OTL.exe
PRC - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/10/28 06:38:50 | 000,039,272 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\waol.exe
PRC - [2009/10/28 06:38:49 | 000,054,632 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\shellmon.exe
PRC - [2009/07/20 11:52:23 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1258429684\ee\aolsoftware.exe
PRC - [2008/08/21 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 06:29:27 | 001,712,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022001\algo.dll
MOD - [2012/02/14 21:03:36 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/14 21:03:34 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/14 21:02:10 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/14 21:02:08 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/14 21:02:07 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
MOD - [2009/10/28 06:38:50 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.5\xmltok.dll
MOD - [2009/10/28 06:38:50 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.5\xmlparse.dll
MOD - [2009/10/28 06:38:50 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.5\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 07:27:57 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () [Auto | Running] -- C:\Program Files\InstallBrainService\InstallBrainService.exe -- (InstallBrainService)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2008/08/21 04:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/01/31 07:28:20 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/07/14 06:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2000/06/01 11:13:30 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com"
FF - prefs.js..keyword.URL: "http://www.google.com/search?q= "

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/05 20:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/09 09:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions
[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions\[email protected]
[2012/02/20 16:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions
[2012/02/11 09:41:56 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/02/11 16:04:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/09 09:04:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/09 09:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/02/09 09:05:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\LARRY STANFORD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DVRNPZZC.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2011/11/20 20:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 17:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 17:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2012/02/20 16:01:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL, LLC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O15 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260325916326 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD74933-1A84-4764-819D-FAF432F060FA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 10:24:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 11:21:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/19 08:59:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry Stanford\Recent
[2012/02/18 12:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\Malwarebytes
[2012/02/18 12:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/16 18:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\DriverCure
[2012/02/16 18:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\SpeedMaxPc
[2012/02/16 18:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/02/14 11:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Google Chrome
[2012/02/11 12:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/11 09:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2012/02/11 09:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2012/02/05 12:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Microsoft Office
[2012/01/30 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/01/26 16:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/02/20 16:06:16 | 000,012,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/20 16:05:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 16:01:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/20 12:54:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/20 12:44:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 11:54:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/20 06:00:48 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/19 23:00:01 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/02/19 21:13:36 | 000,000,178 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2012/02/19 17:45:54 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (3).lnk
[2012/02/19 15:44:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 17:23:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\MBR.dat
[2012/02/17 03:22:48 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/17 03:22:48 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 06:04:58 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 03:23:11 | 000,480,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 03:23:11 | 000,085,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 12:21:20 | 000,004,897 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Resize of Presentation1.jpg
[2012/02/15 12:19:27 | 000,010,297 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Presentation1.jpg
[2012/02/14 20:37:44 | 003,246,230 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Entabulator.wmv
[2012/02/14 12:39:49 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/02/11 12:18:26 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/09 09:05:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/09 09:05:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/05 09:08:50 | 000,359,049 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:32:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:32:26 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/31 07:28:24 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/30 06:47:06 | 007,030,167 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk

========== Files Created - No Company Name ==========

[2012/02/19 17:45:54 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (3).lnk
[2012/02/18 17:23:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\MBR.dat
[2012/02/15 12:21:20 | 000,004,897 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Resize of Presentation1.jpg
[2012/02/15 12:19:24 | 000,010,297 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Presentation1.jpg
[2012/02/15 05:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 05:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 20:37:31 | 003,246,230 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Entabulator.wmv
[2012/02/14 11:50:26 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/14 11:50:26 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/14 11:49:33 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/14 11:49:33 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/11 12:18:26 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/05 09:08:47 | 000,359,049 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:29:22 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:29:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/30 12:06:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/30 12:06:01 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/30 12:06:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/30 06:46:39 | 007,030,167 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk
[2011/12/02 22:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2011/03/28 19:48:58 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2011/02/09 21:00:04 | 000,466,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/08 18:45:30 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2010/03/04 23:10:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/03 17:43:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 03:29:02 | 000,006,818 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/06 11:35:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/12/02 13:27:49 | 000,000,178 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/12/01 10:46:43 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/27 13:51:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/24 08:20:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/11/20 19:58:37 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2009/11/16 19:45:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/03/04 10:26:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/04 10:22:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/04 09:36:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 08:13:07 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2009/03/04 08:12:59 | 000,480,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/04 08:12:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/03/04 08:12:59 | 000,085,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/04 08:12:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/03/04 08:12:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/04 08:12:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/03/04 08:12:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/03/04 08:12:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/03/04 08:12:58 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/03/04 08:12:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/03/04 08:12:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/03/04 08:12:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/03/04 02:19:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/04 02:18:20 | 000,257,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/17 10:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2002/09/17 16:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2000/02/23 22:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2000/01/10 08:34:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\MSPUNIN.EXE
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/09/12 16:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== LOP Check ==========

[2009/11/24 07:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/02/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/06/28 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/21 07:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/09 21:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/01/09 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/02/16 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2010/02/01 07:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/01/31 07:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/04 10:54:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2009/11/24 07:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ACD Systems
[2012/02/11 16:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2009/11/22 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Blitware
[2009/12/01 19:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/16 20:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.w3i.musicoasis
[2009/12/03 21:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\DeepBurner Pro
[2010/01/09 12:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Downloaded Installations
[2012/02/16 18:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\DriverCure
[2011/02/21 09:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ElevatedDiagnostics
[2011/10/02 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\FrostWire
[2010/03/17 21:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\GlarySoft
[2009/12/02 12:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\InfraRecorder
[2010/11/16 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\LimeWire
[2012/02/11 12:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2011/12/09 20:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nitro PDF
[2010/01/05 20:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nuance
[2011/12/15 06:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\PerformerSoft
[2011/12/06 08:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\SoftGrid Client
[2010/01/05 08:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Softland
[2012/02/16 18:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\SpeedMaxPc
[2010/04/23 06:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TechSmith
[2011/08/06 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TP
[2011/12/03 21:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincorebsband
[2011/12/05 06:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincoreimband
[2010/01/05 08:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

ESET Log

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17108 (vista_gdr.111215-0007)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0530d8e6f875d84cb17948b23c0dbfe1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-21 01:17:48
# local_time=2012-02-20 05:17:48 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 52643547 52643547 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=110153
# found=0
# cleaned=0
# scan_time=2741

MBAM Log

Couldn't find the MBAM log. There don't appear to be any logs in the subdirectory, although it said it didn't find any malware when it finished.

OTL Fix Log

Didn't find the OTL Fix Log. There are quite a few subdirectories under OTL Moved Files.

Bottom line is that all of this didn't seem to find any malware, but that miserable IAC Search and Media is still capturing my searches on Chrome and Firefox????

Larry
  • 0

#12
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Ned,

I'm really getting uneasy about this problem. Seems as if someone has really gone to a lot of trouble to conceal the code. I'm afraid it's storing keystrokes, etc. Is it possible this is server resident? Perhaps doing its dirty work just on a per-session basis? If that were so, wouldn't it attack random machines, due to my PC being assigned a new IP for each session? Have you heard of this problem before??

Larry
  • 0

#13
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Ned,

Eureka. I called TWC Help, and they helped fix the problem. Evidently, this was phishing malware downloaded as a menu bar, which redirected a search to these other folks (IAC), even though I deleted the menu bar when I first saw it. After fixing Firefox, we made it the default browser, deleted Chrome and reinstalled it. Now, they're all acting OK, i.e. not being redirected to the IAC search page.

I remember a tool bar showed up either when I downloaded Speedmax PC, or iMesh. I immediately "unchecked" the toolbar when it showed up, and early last week I deleted both of these applications, but, evidently, the damage was already done.

Thank you very much for your time and interest. I'm very impressed with Geeks To Go. If the problem recurs I'll holler again.

Larry
  • 0

#14
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
There are still a few entries in the OTL log that need my attention.


Step 1

  • Open Mozilla Firefox.
  • Click Tools > Add-ons.
  • Click on the Extensions or Themes button on the top.
  • Uninstall the following extensions (if present):
    • BitTorrentBar
    • Fast Video Download
  • Restart Firefox.

Step 2

If you have Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

  • 0

#15
ldavid

    Member

  • Topic Starter
  • Member
  • 15 posts
Ned,

Couldn't find either one of the two items in Firefox. Here's the info you asked for:

Moved Files:

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Larry Stanford\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Larry Stanford\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Larry Stanford
->Temp folder emptied: 338 bytes
->Temporary Internet Files folder emptied: 448676 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29989288 bytes
->Google Chrome cache emptied: 6398091 bytes
->Flash cache emptied: 658 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 02212012_151726

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Log File:


OTL logfile created on: 2/21/2012 3:29:20 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Larry Stanford\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 85.54% Memory free
4.82 Gb Paging File | 4.50 Gb Available in Paging File | 93.33% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 4.18 Gb Free Space | 11.21% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 100.94 Gb Free Space | 67.72% Space Free | Partition Type: NTFS

Computer Name: HOME-OFFICE-PC | User Name: Larry Stanford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 21:03:37 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/14 19:24:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry Stanford\My Documents\Downloads\OTL.exe
PRC - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/10/28 06:38:50 | 000,039,272 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\waol.exe
PRC - [2009/10/28 06:38:49 | 000,054,632 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\shellmon.exe
PRC - [2009/07/20 11:52:23 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1258429684\ee\aolsoftware.exe
PRC - [2008/08/21 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/21 00:54:36 | 001,712,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022100\algo.dll
MOD - [2012/02/14 21:03:36 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/14 21:03:34 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/14 21:02:10 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/14 21:02:08 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/14 21:02:07 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
MOD - [2009/10/28 06:38:50 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.5\xmltok.dll
MOD - [2009/10/28 06:38:50 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.5\xmlparse.dll
MOD - [2009/10/28 06:38:50 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.5\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 07:27:57 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/12/07 10:26:24 | 000,274,424 | ---- | M] () [Auto | Running] -- C:\Program Files\InstallBrainService\InstallBrainService.exe -- (InstallBrainService)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2008/08/21 04:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2006/10/23 04:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/01/31 07:28:20 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/07/14 06:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2000/06/01 11:13:30 | 000,019,968 | ---- | M] (Handspring, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VisorUsb.sys -- (VisorUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..keyword.URL: "http://www.google.com/search?q= "
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/05 20:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 12:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions
[2009/11/22 09:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Extensions\[email protected]
[2012/02/20 16:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions
[2012/02/11 09:41:56 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/02/11 16:04:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Larry Stanford\Application Data\Mozilla\Firefox\Profiles\dvrnpzzc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/21 12:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 06:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 02:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 02:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/21 15:17:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL, LLC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O15 - HKU\S-1-5-21-1686195549-3738934822-2574320679-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260325916326 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD74933-1A84-4764-819D-FAF432F060FA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/04 10:24:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 14:15:50 | 000,000,118 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 12:56:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Larry Stanford\Recent
[2012/02/21 09:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Google Chrome
[2012/02/20 16:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/19 11:21:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/18 12:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\Malwarebytes
[2012/02/18 12:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/16 18:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\DriverCure
[2012/02/16 18:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\SpeedMaxPc
[2012/02/16 18:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/02/11 12:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/11 12:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/11 09:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2012/02/11 09:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2012/02/05 12:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Start Menu\Programs\Microsoft Office
[2012/01/30 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/01/26 16:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/02/21 15:19:34 | 000,012,684 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/21 15:18:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/21 15:17:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/21 14:54:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/21 14:44:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/21 12:24:58 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/21 12:24:58 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/21 11:54:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/21 09:10:27 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/21 09:10:27 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/21 05:51:26 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/20 23:00:04 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/02/19 21:13:36 | 000,000,178 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2012/02/19 15:44:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 17:23:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\MBR.dat
[2012/02/16 06:04:58 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 03:23:11 | 000,480,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 03:23:11 | 000,085,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/15 12:21:20 | 000,004,897 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Resize of Presentation1.jpg
[2012/02/15 12:19:27 | 000,010,297 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Presentation1.jpg
[2012/02/14 20:37:44 | 003,246,230 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\Entabulator.wmv
[2012/02/14 12:39:49 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/02/11 12:18:26 | 000,000,301 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/05 09:08:50 | 000,359,049 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:32:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:32:26 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/31 07:28:24 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/30 06:47:06 | 007,030,167 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk

========== Files Created - No Company Name ==========

[2012/02/21 12:24:58 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/21 12:24:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/21 12:24:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/21 09:10:27 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Google Chrome.lnk
[2012/02/21 09:10:27 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/18 17:23:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\MBR.dat
[2012/02/15 12:21:20 | 000,004,897 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Resize of Presentation1.jpg
[2012/02/15 12:19:24 | 000,010,297 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Presentation1.jpg
[2012/02/15 05:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 05:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 20:37:31 | 003,246,230 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\Entabulator.wmv
[2012/02/14 11:49:33 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007UA.job
[2012/02/14 11:49:33 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1686195549-3738934822-2574320679-1007Core.job
[2012/02/11 12:18:26 | 000,000,301 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Sounds and Audio Devices (2).lnk
[2012/02/05 09:08:47 | 000,359,049 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\image001.png
[2012/01/31 07:29:22 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/31 07:29:22 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/30 06:46:39 | 007,030,167 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\My Documents\roadrunner.wmv
[2012/01/24 14:55:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Desktop\Mozilla Firefox (2).lnk
[2011/12/02 22:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2011/03/28 19:48:58 | 000,000,445 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2011/02/09 21:00:04 | 000,466,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/08 18:45:30 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2010/03/04 23:10:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/03 17:43:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Larry Stanford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 03:29:02 | 000,006,818 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/06 11:35:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2009/12/02 13:27:49 | 000,000,178 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/12/01 10:46:43 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/11/27 13:51:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/24 08:20:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/11/20 19:58:37 | 000,007,812 | ---- | C] () -- C:\WINDOWS\System32\visorusb.dll
[2009/11/16 19:45:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/03/04 10:26:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/04 10:22:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/04 09:36:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/04 08:13:07 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2009/03/04 08:12:59 | 000,480,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/04 08:12:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/03/04 08:12:59 | 000,085,892 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/04 08:12:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/03/04 08:12:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/04 08:12:58 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/03/04 08:12:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/03/04 08:12:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/03/04 08:12:58 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/03/04 08:12:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/03/04 08:12:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/03/04 08:12:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/03/04 02:19:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/04 02:18:20 | 000,257,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/17 10:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2002/09/17 16:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2000/02/23 22:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2000/01/10 08:34:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\MSPUNIN.EXE
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/09/12 16:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll

========== LOP Check ==========

[2009/11/24 07:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/02/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/06/28 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/21 07:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2011/02/09 21:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/01/09 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/02/16 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2010/02/01 07:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/01/31 07:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/04 10:54:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2009/11/24 07:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ACD Systems
[2012/02/11 16:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\BitTorrent
[2009/11/22 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Blitware
[2009/12/01 19:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/16 20:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\com.w3i.musicoasis
[2009/12/03 21:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\DeepBurner Pro
[2010/01/09 12:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Downloaded Installations
[2012/02/16 18:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\DriverCure
[2011/02/21 09:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\ElevatedDiagnostics
[2011/10/02 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\FrostWire
[2010/03/17 21:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\GlarySoft
[2009/12/02 12:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\InfraRecorder
[2010/11/16 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\LimeWire
[2012/02/11 12:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\mediabarim
[2011/12/09 20:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nitro PDF
[2010/01/05 20:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Nuance
[2011/12/15 06:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\PerformerSoft
[2011/12/06 08:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\SoftGrid Client
[2010/01/05 08:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\Softland
[2012/02/16 18:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\SpeedMaxPc
[2010/04/23 06:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TechSmith
[2011/08/06 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\TP
[2011/12/03 21:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincorebsband
[2011/12/05 06:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry Stanford\Application Data\wincoreimband
[2010/01/05 08:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Let me know what you think,

Larry