
Redirect virus keeps coming back after cleanup! [Closed] [Solved]


  • This topic is locked

#1
Sillycat41

Computer info: Windows XP SP3, Avast, Malwarebytes, CCleaner... all up-to-date and run frequently. After discovering a redirect virus and doing research on forums, I ran a dozen different malware and anti-virus programs that were recommended (both in regular mode and safe mode), but the redirect virus keeps coming back... only happens on about every 30 or 40 searches though.

Have also deleted *.tmp files and run HijackThis plus several suggestions gotten off this forum: ComboFix, TDSSKiller, SmitfraudFix, OTM, GooredFix, and yet it still returns after a break. This is very annoying since my computer has always been clean and virus free!!!

Hoping someone will know how to get rid of this problem... don't want to format and reinstall Windows and all my programs if I don't have to. That's a last resort but may be necessary. Anyone have any success at getting rid of this annoying virus??? Thanks!

P.S. Examples of sites redirected to:

http://click.get-answers-fast.com....
http://click.scour.c...click/jump1....

also: 63.209.69.107 and other URLs

#2
Essexboy

Hi, I will need to look at the system first.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#3
Sillycat41

Hello Essexboy,

Thanks for helping with this. The first time I ran OTL.exe the computer locked up. I think Avast AV was the problem so I disabled it and ran OTL again successfully. By post I think you meant to copy and paste the logs, right? Here they are then:

___________________________________________________________

OTL logfile created on: 7/19/2012 10:23:48 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Barb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.64% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.21 Gb Total Space | 21.01 Gb Free Space | 31.25% Space Free | Partition Type: NTFS

Computer Name: D24F9X81 | User Name: Barb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 22:02:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/06/27 13:01:14 | 000,096,768 | ---- | M] (Freemake) -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/09/13 16:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
PRC - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/16 19:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/21 12:19:58 | 000,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/02/21 12:17:42 | 000,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/02/21 12:13:26 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/02/16 12:58:12 | 000,856,064 | ---- | M] (Christian Diefer) -- C:\Program Files\I8kfanGUI\I8kfanGUI.exe
PRC - [2006/11/30 19:49:06 | 000,397,312 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/09/01 19:24:08 | 000,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/09/13 12:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 10:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 16:12:07 | 001,784,320 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12071902\algo.dll
MOD - [2012/07/06 19:07:21 | 018,058,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll
MOD - [2012/07/06 19:04:32 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
MOD - [2012/07/06 19:04:32 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
MOD - [2012/07/06 19:04:26 | 001,925,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\dbe597aa9c12df5d08fb2f3f9872b834\System.Web.Services.ni.dll
MOD - [2012/07/06 19:04:04 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/07/06 19:04:01 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
MOD - [2012/07/06 19:03:59 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/07/06 18:12:19 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/07/06 18:12:11 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/07/06 18:11:52 | 007,069,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/07/06 18:11:37 | 009,091,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/07/06 18:10:23 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2007/02/21 12:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/17 17:13:20 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/09/01 19:24:08 | 000,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
MOD - [2005/07/26 20:46:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/06/29 14:44:42 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/27 13:01:14 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/04/26 11:41:37 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/09/13 16:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/16 19:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/08/18 00:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/02/21 12:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/02/14 16:23:18 | 000,538,096 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcccoms.exe -- (dlcc_device)
SRV - [2006/11/30 19:49:06 | 000,397,312 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Barb\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/02/18 11:21:27 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/02/18 11:21:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012/02/18 11:21:18 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/02/18 11:21:10 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2012/01/18 15:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 15:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/08/08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/05 22:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/05 22:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/02/05 22:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 22:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2007/11/06 13:22:00 | 000,036,224 | ---- | M] (ArcSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ArcCD.sys -- (ArcCD)
DRV - [2007/04/25 08:55:02 | 000,134,912 | ---- | M] (ArcSoft Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ArcUdfs.sys -- (ArcUdfs)
DRV - [2007/04/24 11:33:50 | 000,007,680 | ---- | M] (ArcSoft Inc.) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\ArcRec.sys -- (ArcRec)
DRV - [2007/02/21 12:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/16 05:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fanio.sys -- (fanio)
DRV - [2007/02/08 14:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/11/30 00:49:17 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 00:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/03 12:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/11 00:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/11/16 11:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/06/17 22:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\..\SearchScopes\{54F993FF-9710-401F-9A7E-B8A8F2F6C949}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLL_enUS388
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rm=1&toolbar=PD
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\..\SearchScopes\{D5042721-6DFD-85DD-AD1C-6B852F3F6275}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\..\SearchScopes\{F85997F6-44A2-4EED-9324-F9B8E227E003}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.722
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.http_port: 87
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/12/03 14:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/03 14:46:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/07/12 23:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/06/30 21:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/02 20:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/02 20:18:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/20 19:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/06/02 20:18:11 | 000,000,000 | ---D | M]

[2010/05/10 20:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Extensions
[2010/05/10 20:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/12 23:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions
[2010/12/23 00:38:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/26 11:42:46 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/04/30 11:08:08 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/12/07 19:58:52 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions\[email protected]
[2012/05/30 09:54:03 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions\[email protected]
[2011/12/17 15:55:57 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\searchplugins\scroogle-ssl.xml
[2012/04/26 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/27 16:56:33 | 000,006,870 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BARB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\APGASRMX.DEFAULT\EXTENSIONS\{2A638E17-DE1D-48D3-A4B7-39E9670FF77A}.XPI
[2012/01/27 16:56:39 | 000,097,169 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BARB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\APGASRMX.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2004/08/04 07:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BARB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\APGASRMX.DEFAULT\EXTENSIONS\[email protected]
[2012/06/30 21:10:05 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012/04/26 11:41:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/07 11:32:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/18 22:18:36 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2002/01/09 00:26:42 | 000,319,488 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012/04/26 11:41:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 11:41:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/15 21:45:13 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3849711765-1259099603-1021624056-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340330382609 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26A0DD5F-CFCD-4925-B09A-6790316455AE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C77EC15E-8280-489D-92EB-3E58A8FBC349}: DhcpNameServer = 192.168.0.1 216.165.129.158 216.170.153.146
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 22:10:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Barb\Desktop\aswMBR.exe
[2012/07/19 22:02:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTL.exe
[2012/07/19 12:28:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Barb\Recent
[2012/07/17 22:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/16 15:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Toshiba docs
[2012/07/15 21:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\GooredFix Backups
[2012/07/15 21:45:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/15 21:29:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/07/15 19:55:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2012/07/15 19:55:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2012/07/15 19:55:21 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2012/07/15 19:55:21 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2012/07/15 19:55:21 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2012/07/15 19:55:21 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2012/07/15 19:55:21 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2012/07/15 19:55:21 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2012/07/15 19:55:21 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2012/07/15 19:55:20 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2012/07/15 19:55:20 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2012/07/15 19:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\SmitfraudFix
[2012/07/15 19:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/07/15 19:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/15 18:49:45 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Barb\Desktop\GooredFix.exe
[2012/07/15 18:04:37 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTM.exe
[2012/07/14 15:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Holistic Health
[2012/07/14 14:51:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2012/07/13 23:14:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/13 23:00:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/12 22:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/07/12 22:42:12 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/07/12 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/07/12 22:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/07/12 22:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Application Data\TestApp
[2012/07/12 22:39:50 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/07/12 22:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/12 22:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/07/12 20:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Dell driver updates
[2012/07/12 20:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Local Settings\Application Data\Deployment
[2012/07/12 18:47:49 | 000,000,000 | ---D | C] -- C:\Log
[2012/07/12 18:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellar Phoenix Windows Data Recovery
[2012/07/12 18:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2012/07/12 17:11:49 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/07/12 17:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\backups
[2012/07/12 10:15:10 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Barb\Desktop\tdsskiller.exe
[2012/07/11 16:53:38 | 000,000,000 | ---D | C] -- C:\Lexar jump drive data off for Hank
[2012/07/09 22:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Application Data\SUPERAntiSpyware.com
[2012/07/09 22:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/09 22:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/09 22:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/08 16:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Local Settings\Application Data\DigitalVolcano
[2012/07/06 19:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\House projects
[2012/07/06 18:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Desktop\Diets
[2012/06/30 21:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\My Documents\Freemake
[2012/06/30 21:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Start Menu\Programs\Freemake
[2012/06/30 21:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
[2012/06/30 21:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2012/06/30 21:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012/06/30 17:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
[2012/06/21 21:50:13 | 000,000,000 | ---D | C] -- C:\861753d54eb6cf20a2299eac38e96b
[2012/06/21 21:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Restore
[2012/06/21 21:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barb\Start Menu\Programs\Desktop Restore
[2012/06/21 18:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Benjamin Moore
[2012/06/21 15:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Benjamin Moore

========== Files - Modified Within 30 Days ==========

[2012/07/19 22:20:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/19 22:17:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 22:10:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Barb\Desktop\aswMBR.exe
[2012/07/19 22:02:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTL.exe
[2012/07/19 16:34:14 | 004,604,607 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Honda Generator Parts Catalog.pdf
[2012/07/19 13:36:15 | 000,020,618 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\FIRST LUTHERAN CHURCHA congregation of the Evangelical Lutheran.wpd
[2012/07/19 09:58:48 | 000,004,097 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Examples of redirect URLs.rtf
[2012/07/19 09:39:03 | 002,682,763 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Examples of redirect.rtf
[2012/07/17 23:33:05 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/16 16:18:22 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Host files.rtf
[2012/07/15 21:45:13 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/15 21:31:45 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Microsoft Office Excel Viewer 2003.lnk
[2012/07/15 19:53:19 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\NTREGOPT.lnk
[2012/07/15 19:53:19 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\ERUNT.lnk
[2012/07/15 18:49:46 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Barb\Desktop\GooredFix.exe
[2012/07/15 18:43:13 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\SmitfraudFix.exe
[2012/07/15 18:04:41 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barb\Desktop\OTM.exe
[2012/07/15 08:58:24 | 000,004,912 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Redirect Remover.rtf
[2012/07/14 16:56:52 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Robert Spencer book review.rtf
[2012/07/14 15:36:32 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Barb\My Documents\cc_20120714_153629.reg
[2012/07/14 14:50:29 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/14 14:50:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/07/14 14:50:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/07/14 10:10:37 | 006,518,637 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Ginnie's liberal comments.rtf
[2012/07/13 23:14:57 | 000,008,204 | ---- | M] () -- C:\Documents and Settings\Barb\My Documents\cc_20120713_231454.reg
[2012/07/13 23:00:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/13 22:11:04 | 006,050,044 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Redirect.rtf
[2012/07/12 23:33:49 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/12 22:42:36 | 000,667,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/07/12 22:39:50 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2012/07/12 21:15:17 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/07/12 21:12:24 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/07/12 21:12:24 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\830D2AE099.sys
[2012/07/12 18:48:10 | 000,000,068 | ---- | M] () -- C:\WINDOWS\spwdra.INI
[2012/07/12 17:10:20 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\housecall.guid.cache
[2012/07/12 10:15:24 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Barb\Desktop\tdsskiller.exe
[2012/07/09 21:44:37 | 002,224,668 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Malware Programs.rtf
[2012/07/09 14:36:42 | 001,730,588 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Insulated Glass.pdf
[2012/07/08 15:53:33 | 001,699,807 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Bad Pool Caller.rtf
[2012/07/08 11:09:08 | 000,002,706 | ---- | M] () -- C:\Documents and Settings\Barb\My Documents\cc_20120708_110903.reg
[2012/07/07 15:23:47 | 001,430,488 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Valerie.rtf
[2012/07/06 19:20:56 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Microsoft Office Word.lnk
[2012/07/06 18:18:56 | 000,469,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/06 18:18:56 | 000,082,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 12:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/02 22:39:33 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\Barb\My Documents\cc_20120702_223929.reg
[2012/07/02 09:17:24 | 000,191,717 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\0 charts for Barb 3.wpd
[2012/07/02 09:15:01 | 000,003,640 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Email to Junko about Politics.rtf
[2012/07/02 00:04:10 | 000,002,390 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Romney being rich.rtf
[2012/07/01 19:59:47 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Paint Shop Photo Album.lnk
[2012/07/01 15:08:40 | 000,450,617 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\0 charts for Barb 2.wpd
[2012/06/30 21:30:27 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/30 21:10:07 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012/06/30 17:31:39 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Impression for Kodak.lnk
[2012/06/30 17:16:40 | 001,732,510 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Kodak-Zi8-User-Manual.pdf
[2012/06/30 15:18:08 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Windows Movie Maker.lnk
[2012/06/28 20:53:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 20:53:10 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 13:39:02 | 000,000,308 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Romney phone.rtf
[2012/06/21 15:49:39 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\Barb\Desktop\Ben Moore code.rtf

========== Files Created - No Company Name ==========

[2012/07/19 16:34:13 | 004,604,607 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Honda Generator Parts Catalog.pdf
[2012/07/19 13:36:13 | 000,020,618 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\FIRST LUTHERAN CHURCHA congregation of the Evangelical Lutheran.wpd
[2012/07/19 09:58:48 | 000,004,097 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Examples of redirect URLs.rtf
[2012/07/19 09:13:19 | 002,682,763 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Examples of redirect.rtf
[2012/07/16 16:18:22 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Host files.rtf
[2012/07/15 21:46:03 | 000,252,862 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3849711765-1259099603-1021624056-1005-0.dat
[2012/07/15 21:31:45 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Microsoft Office Excel Viewer 2003.lnk
[2012/07/15 21:29:52 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Excel Viewer 2003.lnk
[2012/07/15 19:55:21 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2012/07/15 19:55:21 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2012/07/15 19:55:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2012/07/15 19:53:19 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\NTREGOPT.lnk
[2012/07/15 19:53:19 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\ERUNT.lnk
[2012/07/15 18:43:13 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\SmitfraudFix.exe
[2012/07/15 08:58:24 | 000,004,912 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Redirect Remover.rtf
[2012/07/14 16:56:52 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Robert Spencer book review.rtf
[2012/07/14 15:36:30 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Barb\My Documents\cc_20120714_153629.reg
[2012/07/14 09:25:36 | 006,518,637 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Ginnie's liberal comments.rtf
[2012/07/13 23:14:56 | 000,008,204 | ---- | C] () -- C:\Documents and Settings\Barb\My Documents\cc_20120713_231454.reg
[2012/07/13 23:00:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/13 23:00:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/12 23:33:47 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/12 22:42:25 | 000,667,349 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/07/12 18:47:49 | 000,000,068 | ---- | C] () -- C:\WINDOWS\spwdra.INI
[2012/07/12 17:10:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\housecall.guid.cache
[2012/07/12 14:21:10 | 006,050,044 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Redirect.rtf
[2012/07/09 21:35:55 | 002,224,668 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Malware Programs.rtf
[2012/07/09 14:36:42 | 001,730,588 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Insulated Glass.pdf
[2012/07/08 14:26:15 | 001,699,807 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Bad Pool Caller.rtf
[2012/07/08 11:09:07 | 000,002,706 | ---- | C] () -- C:\Documents and Settings\Barb\My Documents\cc_20120708_110903.reg
[2012/07/06 20:40:08 | 001,430,488 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Valerie.rtf
[2012/07/02 22:39:31 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\Barb\My Documents\cc_20120702_223929.reg
[2012/07/02 10:44:09 | 000,252,862 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/02 09:17:22 | 000,191,717 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\0 charts for Barb 3.wpd
[2012/07/02 09:15:01 | 000,003,640 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Email to Junko about Politics.rtf
[2012/07/01 16:49:11 | 000,002,390 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Romney being rich.rtf
[2012/07/01 15:08:40 | 000,450,617 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\0 charts for Barb 2.wpd
[2012/06/30 21:10:07 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012/06/30 17:16:40 | 001,732,510 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Kodak-Zi8-User-Manual.pdf
[2012/06/30 15:18:08 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Windows Movie Maker.lnk
[2012/06/28 13:39:02 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Romney phone.rtf
[2012/06/21 15:49:39 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Barb\Desktop\Ben Moore code.rtf
[2012/05/26 20:55:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/26 20:55:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/26 20:55:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/26 20:55:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/26 20:55:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/26 12:14:53 | 000,248,794 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\census.cache
[2012/05/26 12:14:47 | 000,232,312 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\ars.cache
[2012/04/22 17:36:29 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012/04/22 17:36:29 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012/04/22 17:36:29 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012/04/22 17:36:29 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012/04/22 17:36:29 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012/04/17 18:47:35 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2012/04/17 18:47:34 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2012/04/17 18:47:33 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/02/15 12:29:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/03 20:58:52 | 000,003,517 | ---- | C] () -- C:\Documents and Settings\Barb\.recently-used.xbel
[2011/04/17 19:15:04 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/02/18 10:08:54 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/02/16 11:43:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/20 23:48:26 | 000,000,426 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/01/12 11:51:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/08 09:38:02 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/12/02 20:52:55 | 014,835,712 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2010/11/23 23:04:00 | 000,675,840 | ---- | C] () -- C:\Program Files\TOSHIBA Exif JPEG.jpg
[2010/09/22 23:26:18 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2010/06/02 12:33:27 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Barb\Application Data\PFP120JPR.{PB
[2010/06/02 12:33:27 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Barb\Application Data\PFP120JCM.{PB
[2010/05/17 06:53:28 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Barb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/30 00:46:25 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== LOP Check ==========

[2010/05/17 09:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/15 14:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/06 13:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/12/06 13:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/12/18 13:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2011/12/18 13:18:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/18 13:32:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/01/15 15:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2011/12/18 16:25:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/12/18 13:32:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/12/18 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/12/18 13:32:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2012/07/15 13:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/01/15 15:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/12/18 13:32:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/12/18 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2010/11/27 09:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Inspector
[2012/06/30 21:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2011/01/20 17:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2012/07/12 22:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/05/27 23:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/06/02 18:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/12/12 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/07/19 22:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/02/18 11:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/07/17 22:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/12 15:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2005/11/30 00:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/24 17:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/23 14:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\Abine
[2012/01/15 15:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\Canon
[2011/07/03 21:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\CloneSpy
[2010/07/09 22:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\Foxit Software
[2012/01/03 21:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\gtk-2.0
[2010/05/17 07:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\Leadertech
[2012/06/02 18:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\Nuance
[2010/09/21 22:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\SanDisk
[2010/12/02 20:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\SystemRequirementsLab
[2011/12/13 15:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\TeamViewer
[2012/07/12 22:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\TestApp
[2010/05/10 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\Thunderbird
[2012/06/18 10:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barb\Application Data\Windows Search
[2012/07/17 23:33:05 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2007/05/17 00:38:54 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\My Personal Data Folder\My NtScp OE Backup\My Web Designs\My Webs\myweb\_vti_pvt\services.cnf
[2007/05/17 22:43:18 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\My Personal Data Folder\My NtScp OE Backup\My Web Designs\My Webs\myweb2\_vti_pvt\services.cnf
[2007/06/02 23:11:44 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\My Personal Data Folder\My NtScp OE Backup\My Web Designs\My Webs\myweb3\_vti_pvt\services.cnf
[2007/06/02 23:11:44 | 000,000,029 | ---- | M] () MD5=AD0055D2C4D56A5D9FC36A633606D39E -- C:\My Personal Data Folder\My NtScp OE Backup\My Web Designs\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.CSS >
[2004/06/22 15:47:52 | 000,014,222 | ---- | M] () MD5=EEB4B04593F8A413DA1830931D6533BC -- C:\Program Files\Intuit\QuickBooks 2005\Components\Services\services.css

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2010/05/25 17:31:56 | 000,001,602 | ---- | M] () MD5=C135EA383041029955A803B629391B27 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 1
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = 192.168.0.7;
"LastDetectUrl" =

========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8

< End of report>
__________________________________________________________

OTL Extras logfile created on: 7/19/2012 10:23:48 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Barb\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.64% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.21 Gb Total Space | 21.01 Gb Free Space | 31.25% Space Free | Partition Type: NTFS

Computer Name: D24F9X81 | User Name: Barb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3849711765-1259099603-1021624056-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Barb\temp\TeamViewer\Version5\TeamViewer.exe" = C:\Documents and Settings\Barb\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192C6FB8-40B8-4910-BE8C-5EE77FACF08D}" = Hallmark Card Studio 2006
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{228CEA74-6DD1-40B9-B95F-77273F4316B5}" = Desktop Restore
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26346FB6-4F69-453D-95CE-B6BA3A5382F8}" = Broderbund Media Manager
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.5
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB4D07D-3754-1CD4-1E25-0C1AF3355921}" = Personal Color Viewer
"{9B260944-746E-4966-8918-0F9636930456}" = ArcSoft MediaImpression for Kodak
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1914265-0D07-48E0-A937-F20A76D0032D}" = Acronis True Image Home
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1" = Personal Color Viewer
"Canon MG5200 series User Registration" = Canon MG5200 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CloneSpy" = CloneSpy 2.61
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Defraggler" = Defraggler
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"Duplicate Cleaner" = Duplicate Cleaner 2.0.6
"Duplicate Cleaner Free" = Duplicate Cleaner Free 3.0.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
"HitmanPro36" = HitmanPro 3.6
"I8kfanGUI" = I8kfanGUI V3.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MjM Free Photo Recovery Software1.0" = MjM Free Photo Recovery Software
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0
"Picasa 3" = Picasa 3
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"Recuva" = Recuva
"Shockwave" = Shockwave
"SnagIt5" = SnagIt 5
"Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"TClockEx_is1" = TClockEx
"TeamViewer 7" = TeamViewer 7
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3849711765-1259099603-1021624056-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2012 6:20:42 PM | Computer Name = D24F9X81 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error
occurred while writing installation information to disk. Check to make sure enough
disk space is available, and click Retry, or Cancel to end the install.

Error - 7/6/2012 6:20:42 PM | Computer Name = D24F9X81 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error
occurred while writing installation information to disk. Check to make sure enough
disk space is available, and click Retry, or Cancel to end the install.

Error - 7/6/2012 6:20:42 PM | Computer Name = D24F9X81 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error
occurred while writing installation information to disk. Check to make sure enough
disk space is available, and click Retry, or Cancel to end the install.

Error - 7/6/2012 6:20:42 PM | Computer Name = D24F9X81 | Source = MsiInstaller | ID = 11711
Description = Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error
occurred while writing installation information to disk. Check to make sure enough
disk space is available, and click Retry, or Cancel to end the install.

Error - 7/6/2012 6:20:43 PM | Computer Name = D24F9X81 | Source = MsiInstaller | ID = 11719
Description = Product: Microsoft .NET Framework 4 Extended -- Error 1719. The Windows
Installer Service could not be accessed. This can occur if you are running Windows
in safe mode, or if the Windows Installer is not correctly installed. Contact your
support personnel for assistance.

Error - 7/6/2012 6:20:43 PM | Computer Name = D24F9X81 | Source = MsiInstaller | ID = 1020
Description = Product: Microsoft .NET Framework 4 Extended - Update 'KB2533523'
could not be removed. Error code 1603. Additional information is available in the
log file C:\DOCUME~1\Barb\LOCALS~1\Temp\KB2533523_20120706_180916296-Microsoft
.NET Framework 4 Client Profile-MSP1.txt.

Error - 7/12/2012 10:55:09 PM | Computer Name = D24F9X81 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/12/2012 10:55:09 PM | Computer Name = D24F9X81 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/12/2012 11:15:56 PM | Computer Name = D24F9X81 | Source = MsiInstaller | ID = 11706
Description = Product: Desktop Restore -- Error 1706. An installation package for
the product Desktop Restore cannot be found. Try the installation again using a
valid copy of the installation package 'DeskInstU.msi'.

Error - 7/12/2012 11:20:51 PM | Computer Name = D24F9X81 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/16/2012 8:01:14 PM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/16/2012 8:46:10 PM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/16/2012 9:56:22 PM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/18/2012 8:20:29 AM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/18/2012 10:40:02 AM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/18/2012 12:32:04 PM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/18/2012 4:54:44 PM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/18/2012 9:17:52 PM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/19/2012 7:53:19 AM | Computer Name = D24F9X81 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 7/19/2012 10:20:10 PM | Computer Name = D24F9X81 | Source = Service Control Manager | ID = 7022
Description = The Freemake Improver service hung on starting.


< End of report >
__________________________________________________________

23:00:39.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Barb\Desktop\MBR.dat"
23:00:39.562 The log file has been saved successfully to "C:\Documents and Settings\Barb\Desktop\aswMBR.txt"
_______________________________________________________

Hope I did this right. This is a first for me.
Thanks.

  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this happen in all browsers or just one ?

Go Start > Run
Type in CMD and press enter
A black command box will open
Copy/Paste the following commands pressing enter after each :

ipconfig /release
ipconfig /renew

Are the redirects still present ?
  • 0

#5
Sillycat41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Not sure because I use Firefox about 95% of the time. Will test IE and see. Also will do the ipconfig release and see what happens. Like I said, it only redirects occasionally... not with every Google search. Apparently you didn't see anything obvious in those logs, right?
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep that is why I am flushing the DNS

Also run the following programme on completion

Is it only Firefox?

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.

    Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  • 0

#7
Sillycat41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Haven't had a chance to surf much today so I don't know if the redirect virus is also in Internet Explorer. It doesn't happen all the time in Firefox and so far none today. Could it be a corrupt Add-on?? Would a System Restore remove this virus? May have to do that, but wanted to find a fix if possible.

Okay, I ran ipconfig... flushed the DNS. Then I ran Gooredfix... here are the results of the scan:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:48 on 20/07/2012 (Barb)
Firefox version 12.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:59 10/05/2010]

C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions\
[email protected] [23:58 07/12/2010]
[email protected] [13:53 30/05/2012]
{3112ca9c-de6d-4884-a869-9855de68056c} [04:38 23/12/2010]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [15:42 26/04/2012]
{ada4b710-8346-4b82-8199-5de2b400a6ae} [15:08 30/04/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:01 28/11/2010]
"[email protected]"="C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox" [18:46 03/12/2010]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [18:46 03/12/2010]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:32 07/12/2010]
"[email protected]"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [03:06 16/03/2011]
"[email protected]"="C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\" [01:10 01/07/2012]

---------- Old Logs ----------
GooredFix[01.50.15_16-07-2012].txt
GooredFix[18.46.22_20-07-2012].txt

-=E.O.F=-
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hold off on the restore for the moment, meanwhile see if the redirects occur. If they do we will take it from there
  • 0

#9
Sillycat41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Okay. Just got a chance to surf a little. Used IE instead of Firefox to test it. The security alert below popped up several times for different sites. Does this mean that IE detected a problem? Could this mean that Firefox has been compromised??

"You are about to leave a secure Internet connection. It
will be possible for others to view information you send.
Do you want to continue?
Yes No More Info"

You must like puzzles to hang in there!!
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is a little IE warning when you leave a secure site and is a bit of a pain

Go to Control Panel > Internet Options
Select the Advanced Tab
Click restore Advanced Settings
Restart IE and that should now be gone

So it appears that the problem is only in Firefox


Could you start Firefox in safe mode
Details here

Then run Firefox and let me know if the problem persists
  • 0



#11
Sillycat41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Okay, restored Advanced settings in IE which fixed that little problem. Haven't had a chance to surf much to test either Firefox or IE... or your instructions for Firefox in Safe Mode. (Printed those out to test later today.) Haven't had any redirects in several days... but like I said haven't surfed much. I did delete my history which I hadn't done before. Wondering if it resurfaced from there. I'll get a chance to test it more tomorrow. Thanks again for your help.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a problem, I like unusual ones :lol:
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned


Could you start Firefox in safe mode please.. Details are here

Then in safe mode enable the addons one at a time, checking for redirects in between
When the redirects start again disable the last addon and let me know which one it was
  • 0
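
The one-at-a-time add-on test in post #14 is easier to follow with a fixed order to work through. The sketch below is an added example, not part of the thread and not GooredFix's own code: it parses a log in the layout posted in #7 and lists the extensions newest-stamp first. The sample log is constructed (the `@placeholder.invalid` ID is made up), and the newest-first ordering is an assumed heuristic, not something the thread prescribes.

```python
import re
from datetime import datetime

# Constructed sample in the GooredFix layout from the post above. The GUID lines
# are copied from that log; the "@placeholder.invalid" ID is made up.
SAMPLE_LOG = r"""
========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:59 10/05/2010]

C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\apgasrmx.default\extensions\
example-addon@placeholder.invalid [13:53 30/05/2012]
{3112ca9c-de6d-4884-a869-9855de68056c} [04:38 23/12/2010]
{ada4b710-8346-4b82-8199-5de2b400a6ae} [15:08 30/04/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [18:46 03/12/2010]

---------- Old Logs ----------
GooredFix[01.50.15_16-07-2012].txt
"""

ENTRY = re.compile(r'^(.+?) \[(\d\d:\d\d \d\d/\d\d/\d{4})\]$')   # "<entry> [HH:MM DD/MM/YYYY]"
REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')                     # "id"="install path"

def parse_extensions(log_text):
    """Return one dict per extension entry, tagged with the folder or key that listed it."""
    entries, source = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        entry = ENTRY.match(line)
        if line.startswith(("=", "-")):        # section rulers; "Old Logs" ends the listing
            source = None
        elif line.endswith("\\") or line.startswith("[HKEY_"):
            source = line                      # extensions folder or registry key header
        elif entry and source:
            reg = REG_VALUE.match(entry.group(1))
            entries.append({
                "id": reg.group(1) if reg else entry.group(1),
                "path": reg.group(2) if reg else None,   # only registry entries carry a path
                "source": source,
                "stamp": datetime.strptime(entry.group(2), "%H:%M %d/%m/%Y"),
            })
    return entries

def reenable_order(entries, cleared=()):
    """Order for the one-at-a-time test: newest stamp first (a heuristic), minus cleared IDs."""
    pending = [e for e in entries if e["id"] not in cleared]
    return sorted(pending, key=lambda e: e["stamp"], reverse=True)
```

Entries whose `source` is the `HKEY_LOCAL_MACHINE` key were registered by another installed program rather than added through the Firefox profile, so they are worth tracking separately when narrowing down which add-on brings the redirects back.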

#15
Sillycat41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for opening this session again. Okay, I'm still surfing with Firefox in Safe Mode and will start the test of enabling the add-ons one at a time. Will let you know what I find. Thanks.
  • 0





