Avast WEBforum
Other => Viruses and worms => Topic started by: blakerush on April 24, 2012, 03:02:25 AM
Hi everybody. Newbie here. I encountered a problem with a svchost.exe virus or malware on my work computer last week. My PC got extremely slow and a blue screen appeared twice, shutting down my computer. I already had Norton Internet Security running, but apparently that did not catch it. So yesterday, I downloaded various virus scanning and antispyware applications (Paretologic PC Health Advisor, Malwarebytes, Avast, and SuperAntiSpyware) to clean and then protect my PC. Per this board's recommendations, I have removed NIS and am currently running Avast, MBAM and SAS.
Unfortunately, I keep receiving Avast notices stating that it has blocked two malicious URLs (ololoshaface.com and c2pokerface.com) from svchost.exe that I am not trying to access. So it seems that I still have some type of problem, and my system has crashed numerous times today when I have been attempting to address the problem or simply had multiple windows open. I tried to attach screenshots of the Avast malicious URL notices, but for some reason it wouldn't work. Below are my MBAM, OTL, and aswMBR logs (I apologize if I did this incorrectly; it is my first time doing this):
MBAM logs (in order):
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.22.02
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Blake :: PC-BLAKE [administrator]
Protection: Disabled
4/22/2012 12:18:27 PM
mbam-log-2012-04-22 (12-18-27).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241747
Time elapsed: 20 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.23.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Blake :: PC-BLAKE [administrator]
Protection: Enabled
4/23/2012 6:45:40 PM
mbam-log-2012-04-23 (18-45-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209628
Time elapsed: 19 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
2012/04/22 13:45:27 -0400 PC-BLAKE Blake MESSAGE Starting protection
2012/04/22 13:45:36 -0400 PC-BLAKE Blake MESSAGE Protection started successfully
2012/04/22 13:45:39 -0400 PC-BLAKE Blake MESSAGE Starting IP protection
2012/04/22 13:45:41 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/22 13:46:09 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:14 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:17 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:23 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:29 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:32 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:35 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:38 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:44 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:47:29 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:32 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:38 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:50 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:53 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:59 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:48:25 -0400 PC-BLAKE Blake MESSAGE Executing scheduled update: Daily
2012/04/22 13:48:26 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:29 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:35 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:47 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:48 -0400 PC-BLAKE Blake MESSAGE Database already up-to-date
2012/04/22 13:48:50 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:56 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:49:14 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:17 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:23 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:35 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:38 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:44 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 14:27:16 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/22 14:27:29 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/22 14:27:32 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/22 14:29:33 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 07:44:39 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 07:44:48 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 07:44:51 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 07:47:21 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 07:48:05 -0400 PC-BLAKE Blake MESSAGE Executing scheduled update: Daily
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE Starting database refresh
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE Scheduled update executed successfully: database updated from version v2012.04.22.02 to version v2012.04.23.03
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE Stopping IP protection
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE IP Protection stopped
2012/04/23 07:48:29 -0400 PC-BLAKE Blake MESSAGE Database refreshed successfully
2012/04/23 07:48:32 -0400 PC-BLAKE Blake MESSAGE Starting IP protection
2012/04/23 07:48:34 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 08:26:17 -0400 PC-BLAKE Blake MESSAGE Stopping IP protection
2012/04/23 08:26:17 -0400 PC-BLAKE Blake MESSAGE IP Protection stopped
2012/04/23 08:43:06 -0400 PC-BLAKE Blake DETECTION C:\Documents and Settings\Blake\Local Settings\Temp\0.40677490613151357 Exploit.Drop.9 ALLOW
2012/04/23 11:29:05 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 11:29:18 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 11:29:21 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 11:31:06 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 13:42:56 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 13:43:10 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 13:43:13 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 13:45:57 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 14:24:13 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 14:24:22 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 14:24:25 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 14:25:56 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 15:28:03 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 15:28:14 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 15:28:17 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 15:29:38 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 18:45:15 -0400 PC-BLAKE Blake MESSAGE Starting database refresh
2012/04/23 18:45:15 -0400 PC-BLAKE Blake MESSAGE Stopping IP protection
2012/04/23 18:45:15 -0400 PC-BLAKE Blake MESSAGE IP Protection stopped
2012/04/23 18:45:19 -0400 PC-BLAKE Blake MESSAGE Database refreshed successfully
2012/04/23 18:45:19 -0400 PC-BLAKE Blake MESSAGE Starting IP protection
2012/04/23 18:45:22 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 19:14:28 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 19:14:41 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 19:14:44 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 19:16:36 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 19:24:51 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 19:24:59 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 19:25:02 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 19:27:47 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 19:28:01 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 19:28:04 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 19:29:54 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 20:10:50 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 20:11:10 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 20:11:13 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 20:14:02 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
OTL Logs:
OTL logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/02/07 10:19:14 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/07 10:19:04 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/09 15:52:26 | 003,732,144 | ---- | M] (CANON INC.) [Auto | Stopped] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/02/07 10:19:05 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/01/17 19:33:07 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/04 01:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink (TM)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/23 18:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325445254734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325445292687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60EB3EE5-A4AD-4DC5-B2A5-46AA37DE2F6E}: DhcpNameServer = 192.168.2.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:00:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
========== Files/Folders - Created Within 30 Days ==========
[2012/04/23 19:22:36 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/04/23 19:19:40 | 000,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 14:24:50 | 005,248,608 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/23 11:33:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2012/04/23 11:33:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\UserData
[2012/04/23 11:27:33 | 000,000,000 | ---D | C] -- C:\TEMP
[2012/04/23 11:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/23 08:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/04/23 08:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\Sophos
[2012/04/23 08:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/04/22 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\EasySoft_Inc
[2012/04/22 14:42:19 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/22 14:42:08 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/22 14:42:07 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/22 14:41:59 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/04/22 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Google
[2012/04/22 13:31:54 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/22 13:31:53 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/22 13:31:50 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/22 13:31:49 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/22 13:31:48 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/22 13:31:47 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/22 13:31:47 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/22 13:31:46 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/22 13:31:24 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/04/22 13:31:24 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/22 12:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/22 12:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\Malwarebytes
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/22 12:16:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/22 12:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/22 12:14:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/22 11:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2012/04/22 11:43:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\Cookies
[2012/04/22 11:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\My Documents\downloads
[2012/04/22 11:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/04/22 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/04/22 11:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/04/22 11:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/19 11:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/19 11:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/04 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/04 12:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/04 12:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/04/04 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/04 12:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/04/04 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Microsoft Help
[2012/04/04 12:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
-
========== Files - Modified Within 30 Days ==========
[2012/04/23 19:40:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/23 19:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/23 19:37:02 | 000,220,226 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 19:26:42 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:20:43 | 000,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/23 14:30:31 | 000,920,096 | ---- | M] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 15:22:03 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CIS 2.2.lnk
[2012/04/22 14:42:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/22 14:40:31 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 11:38:22 | 000,000,045 | ---- | M] () -- C:\0.bak
[2012/04/22 11:18:43 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/22 11:18:11 | 005,248,608 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/20 17:16:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 06:56:34 | 000,001,116 | ---- | M] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/12 08:22:02 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 19:06:12 | 000,501,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 19:06:12 | 000,089,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 19:03:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 13:10:01 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/01 18:00:50 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/01 18:00:50 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2012/03/30 11:12:33 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\PCLaw®.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
-
========== Files Created - No Company Name ==========
[2012/04/23 19:37:02 | 000,220,226 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 15:28:15 | 000,920,096 | ---- | C] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 14:40:31 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 12:05:01 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/22 11:38:21 | 000,000,045 | ---- | C] () -- C:\0.bak
[2012/04/22 11:19:17 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:41 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:38 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/20 19:00:14 | 001,089,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/20 06:56:34 | 000,001,116 | ---- | C] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/04 13:12:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/15 09:04:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 19:44:17 | 000,035,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/02 12:50:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2012/01/01 16:58:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1018.EXE
[2012/01/01 16:02:10 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/01/01 16:02:10 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/01/01 15:18:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/01/01 15:08:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2012/01/01 15:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/01 14:58:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/01 09:53:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/01 09:52:07 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2012/04/22 13:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/17 19:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2012/01/01 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2012/01/01 16:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2012/01/06 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EasySoft
[2012/04/23 07:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/17 19:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogSys
[2012/04/22 11:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/23 08:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/01/16 18:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/02 23:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Amicus
[2012/01/17 19:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Blueberry
[2012/04/22 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/01/02 23:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Gavel & Gown Software Inc
[2012/01/17 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\LogSys
[2012/04/22 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/01/16 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Research In Motion
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< >
< End of report >
-
OTL Logs:
OTL logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/02/07 10:19:14 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/07 10:19:04 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/09 15:52:26 | 003,732,144 | ---- | M] (CANON INC.) [Auto | Stopped] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/02/07 10:19:05 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/01/17 19:33:07 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/04 01:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink (TM)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/04/23 18:12:28 | 004,402,176 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
-
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
-
O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325445254734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325445292687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60EB3EE5-A4AD-4DC5-B2A5-46AA37DE2F6E}: DhcpNameServer = 192.168.2.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:00:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10
-
========== Files/Folders - Created Within 30 Days ==========
[2012/04/23 19:22:36 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/04/23 19:19:40 | 000,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 14:24:50 | 005,248,608 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/23 11:33:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2012/04/23 11:33:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\UserData
[2012/04/23 11:27:33 | 000,000,000 | ---D | C] -- C:\TEMP
[2012/04/23 11:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/23 08:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/04/23 08:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\Sophos
[2012/04/23 08:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/04/22 18:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\EasySoft_Inc
[2012/04/22 14:42:19 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/22 14:42:08 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/22 14:42:07 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/22 14:41:59 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/04/22 14:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/04/22 13:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Google
[2012/04/22 13:31:54 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/22 13:31:53 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/22 13:31:50 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/22 13:31:49 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/22 13:31:48 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/22 13:31:47 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/22 13:31:47 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/22 13:31:46 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/22 13:31:24 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/04/22 13:31:24 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/22 13:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/22 12:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/22 12:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\Malwarebytes
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/22 12:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/22 12:16:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/22 12:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/22 12:14:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/22 11:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2012/04/22 11:43:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Blake\Cookies
[2012/04/22 11:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\My Documents\downloads
[2012/04/22 11:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/04/22 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/04/22 11:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/04/22 11:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Start Menu\Programs\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/19 11:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/19 11:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/04 12:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/04 12:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/04 12:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/04/04 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/04 12:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/04/04 12:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blake\Local Settings\Application Data\Microsoft Help
[2012/04/04 12:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
-
========== Files - Modified Within 30 Days ==========
[2012/04/23 19:40:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/23 19:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/23 19:37:02 | 000,220,226 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 19:26:42 | 000,000,031 | ---- | M] () -- C:\WINDOWS\System32\bbcap.err
[2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:20:43 | 000,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/23 14:30:31 | 000,920,096 | ---- | M] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 15:22:03 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CIS 2.2.lnk
[2012/04/22 14:42:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/22 14:40:31 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 11:38:22 | 000,000,045 | ---- | M] () -- C:\0.bak
[2012/04/22 11:18:43 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/22 11:18:11 | 005,248,608 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/20 17:16:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 06:56:34 | 000,001,116 | ---- | M] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/12 08:22:02 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 19:06:12 | 000,501,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 19:06:12 | 000,089,146 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 19:03:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 13:10:01 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/01 18:00:50 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/01 18:00:50 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2012/03/30 11:12:33 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Blake\Desktop\PCLaw®.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/23 19:37:02 | 000,220,226 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 15:28:15 | 000,920,096 | ---- | C] () -- C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 14:40:31 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 12:05:01 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/04/22 11:38:21 | 000,000,045 | ---- | C] () -- C:\0.bak
[2012/04/22 11:19:17 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:41 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:38 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/20 19:00:14 | 001,089,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/20 06:56:34 | 000,001,116 | ---- | C] () -- C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/04 13:12:53 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/15 09:04:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 19:44:17 | 000,035,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/01/02 12:50:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2012/01/01 16:58:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1018.EXE
[2012/01/01 16:02:10 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/01/01 16:02:10 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/01/01 15:18:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/01/01 15:08:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2012/01/01 15:02:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/01 14:58:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/01 09:53:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/01 09:52:07 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
-
========== LOP Check ==========
[2012/04/22 13:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/17 19:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2012/01/01 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2012/01/01 16:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2012/01/06 16:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EasySoft
[2012/04/23 07:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/17 19:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogSys
[2012/04/22 11:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/23 08:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/01/16 18:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/02 23:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Amicus
[2012/01/17 19:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Blueberry
[2012/04/22 11:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/01/02 23:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Gavel & Gown Software Inc
[2012/01/17 19:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\LogSys
[2012/04/22 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/01/16 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blake\Application Data\Research In Motion
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< >
< End of report >
-
OTL Extra Log:
OTL Extras logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
-
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Amicus\Amicus Attorney Premium Workstation\AmicusAttorney.XWin.exe" = C:\Amicus\Amicus Attorney Premium Workstation\AmicusAttorney.XWin.exe:*:Enabled:C:\Amicus\Amicus Attorney Premium Workstation\AmicusAttorney.Xwin.exe -- (Gavel & Gown Software Inc.)
"C:\Program Files\Canon\DIAS\CnxDIAS.exe" = C:\Program Files\Canon\DIAS\CnxDIAS.exe:*:Enabled:Canon Driver Information Assist Service -- (CANON INC.)
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\Blake\Local Settings\Temp\7zS3.tmp\SymNRT.exe" = C:\Documents and Settings\Blake\Local Settings\Temp\7zS3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Blake\Local Settings\Temp\7zS5.tmp\SymNRT.exe" = C:\Documents and Settings\Blake\Local Settings\Temp\7zS5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Blake\Local Settings\Temp\7zS6.tmp\SymNRT.exe" = C:\Documents and Settings\Blake\Local Settings\Temp\7zS6.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\Blake\Local Settings\Temp\7zS8.tmp\SymNRT.exe" = C:\Documents and Settings\Blake\Local Settings\Temp\7zS8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office14\WINWORD.EXE:*:Enabled:Microsoft Word -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{347C3C03-E2E5-41B1-8DD7-E65993348B5E}" = Amicus Attorney Premium Workstation 2011
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D336556-69A2-4566-8EBD-0464C253C2E4}" = CIS 2.2
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E1DB401-0120-4870-8048-423AF9F6297B}" = SupportCalc PA
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
-
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{A47D08BF-E95A-47FB-A42F-8FCB0351339C}" = Amicus Attorney Premium Tasks Toolbar
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D661A28E-3922-4484-84EA-5A3C924369E6}" = Amicus Merge Toolbar
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Internet Security
"BB FlashBack Pro 3" = BB FlashBack Pro 3
"BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"Express ClickYes" = Express ClickYes 1.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PCLaw" = LexisNexis PCLaw
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format Runtime
========== Last 10 Event Log Errors ==========
[ Amicus Attorney Events ]
Error - 4/20/2012 11:14:58 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:14:58 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: XWin: Amicus
Attorney has lost its connection with the server and needs to shut down. Please
check your network connections and server status before restarting. HelpLink:
Error - 4/20/2012 11:16:22 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:16:22 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.Net.Sockets.SocketException Message: A connection attempt failed because
the connected party did not properly respond after a period of time, or established
connection failed because connected host has failed to respond 192.168.2.25:49259
HelpLink:
StackTrace Information ********************************************* at AmicusAttorney.XOL.Client.AmicusCustomProxy.Invoke(IMessage
msg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at AmicusAttorney.XOL.Shared.ManagerInterfaces.IManagerBase.GetListRemote(Byte[]
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.ManagerBaseProxy.GetList(SearchFilterBase
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.CommunicationManagerProxy.GetList(CommunicationSearchFilter
filter, Boolean includeUnsavedEmails) at AmicusAttorney.Providers.DataProvider.DataSourceCacheProvider.GetData(GetDataInfo
info, SearchFilterBase& searchFilterBase) at AmicusAttorney.Providers.DataProvider.CommProvider.GetList(ISysEventInfo
sysEventInfo, Object[] _list)
Error - 4/20/2012 11:16:22 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:16:22 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: XWin: Amicus
Attorney has lost its connection with the server and needs to shut down. Please
check your network connections and server status before restarting. HelpLink:
Error - 4/20/2012 11:17:04 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:17:04 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.Net.Sockets.SocketException Message: A connection attempt failed because
the connected party did not properly respond after a period of time, or established
connection failed because connected host has failed to respond 192.168.2.25:49259
HelpLink:
StackTrace Information ********************************************* at AmicusAttorney.XOL.Client.AmicusCustomProxy.Invoke(IMessage
msg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at AmicusAttorney.XOL.Shared.ManagerInterfaces.IManagerBase.GetListRemote(Byte[]
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.ManagerBaseProxy.GetList(SearchFilterBase
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.CommunicationManagerProxy.GetList(CommunicationSearchFilter
filter, Boolean includeUnsavedEmails) at AmicusAttorney.Providers.DataProvider.DataSourceCacheProvider.GetData(GetDataInfo
info, SearchFilterBase& searchFilterBase) at AmicusAttorney.Providers.DataProvider.CommProvider.GetList(ISysEventInfo
sysEventInfo, Object[] _list)
-
Error - 4/20/2012 11:17:04 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:17:04 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: XWin: Amicus
Attorney has lost its connection with the server and needs to shut down. Please
check your network connections and server status before restarting. HelpLink:
Error - 4/20/2012 1:22:01 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 1:22:01 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: InvalidSession.
System will now shut down. HelpLink:
Error - 4/20/2012 3:28:31 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 3:28:31 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************
at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object[] _list)
Error - 4/22/2012 6:21:34 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/22/2012 6:21:34 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************
at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object[] _list)
Error - 4/23/2012 3:01:44 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/23/2012 3:01:44 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************
at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object[] _list)
Error - 4/23/2012 6:17:00 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/23/2012 6:17:00 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************
at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object[] _list)
[ Application Events ]
Error - 4/19/2012 2:54:21 PM | Computer Name = PC-BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application AmicusAttorney.Xwin.exe, version 11.5.0.4, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/19/2012 2:54:23 PM | Computer Name = PC-BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application AmicusAttorney.Xwin.exe, version 11.5.0.4, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/22/2012 1:50:49 PM | Computer Name = PC-BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 18.0.1025.162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/23/2012 1:51:06 PM | Computer Name = PC-BLAKE | Source = MsiInstaller | ID = 11704
Description = Product: Google Update Helper -- Error 1704. An installation for Roxio
Media Manager is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?
Error - 4/23/2012 3:32:16 PM | Computer Name = PC-BLAKE | Source = MsiInstaller | ID = 11706
Description = Product: Amicus Attorney Premium Workstation 2011 -- Error 1706.No
valid source could be found for product Amicus Attorney Premium Workstation 2011.
The Windows Installer cannot continue.
Error - 4/23/2012 3:35:51 PM | Computer Name = PC-BLAKE | Source = MsiInstaller | ID = 11706
Description = Product: Amicus Attorney Premium Workstation 2011 -- Error 1706.No
valid source could be found for product Amicus Attorney Premium Workstation 2011.
The Windows Installer cannot continue.
[ System Events ]
Error - 4/23/2012 7:15:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%1053
Error - 4/23/2012 7:15:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
-
Error - 4/23/2012 7:25:03 PM | Computer Name = PC-BLAKE | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b9f1571d, parameter3
a760b580, parameter4 00000000.
Error - 4/23/2012 7:25:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.
Error - 4/23/2012 7:25:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
Error - 4/23/2012 7:28:24 PM | Computer Name = PC-BLAKE | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b9f1571d, parameter3
a73ff580, parameter4 00000000.
Error - 4/23/2012 7:28:26 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.
Error - 4/23/2012 7:28:26 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.
Error - 4/23/2012 7:41:12 PM | Computer Name = PC-BLAKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4/23/2012 7:42:28 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL
< End of report >
aswMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 19:51:32
-----------------------------
19:51:32.953 OS Version: Windows 5.1.2600 Service Pack 3
19:51:32.953 Number of processors: 2 586 0x170A
19:51:32.953 ComputerName: PC-BLAKE UserName: Blake
19:51:34.859 Initialize success
19:51:35.671 AVAST engine defs: 12042301
19:51:47.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:51:47.703 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
19:51:47.703 Device \Driver\atapi -> DriverStartIo 89ff62e2
19:51:47.718 Disk 0 MBR read successfully
19:51:47.734 Disk 0 MBR scan
19:51:48.171 Disk 0 Windows XP default MBR code
19:51:48.171 Disk 0 MBR hidden
19:51:48.203 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 305234 MB offset 63
19:51:48.421 Disk 0 scanning sectors +625121280
19:51:48.609 Disk 0 scanning C:\WINDOWS\system32\drivers
19:52:02.218 Service scanning
19:52:36.718 Modules scanning
19:52:40.984 Disk 0 trace - called modules:
19:52:41.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89ff64b1]<<
19:52:41.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a0f2ab8]
19:52:41.078 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a100f18]
19:52:41.125 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> [0x8a1dc030]
19:52:41.156 \Driver\atapi[0x8a07a030] -> IRP_MJ_CREATE -> 0x89ff64b1
19:52:42.359 AVAST engine scan C:\WINDOWS
19:52:48.156 AVAST engine scan C:\WINDOWS\system32
19:54:41.046 AVAST engine scan C:\WINDOWS\system32\drivers
19:54:52.187 AVAST engine scan C:\Documents and Settings\Blake
19:59:36.484 AVAST engine scan C:\Documents and Settings\All Users
19:59:55.281 Scan finished successfully
20:00:23.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Blake\Desktop\MBR.dat"
20:00:23.421 The log file has been saved successfully to "C:\Documents and Settings\Blake\Desktop\aswMBR.txt"
-
I AM FINALLY DONE POSTING ALL OF THE LOGS. HOLY SHIT THAT TOOK FOREVER GIVEN THE SPACE RESTRICTIONS. DID I DO SOMETHING WRONG?
-
When you reply, if you click "attachments and other options" (right below the text input box), you can attach logs to your post, instead of copy/pasting them. This way, it makes it faster for you, and also prevents you from needing to split each log into multiple posts.
-
blakerush, welcome to the forums.
Sorry you had to copy and paste the logs as you did. As Camo says, attaching the logs at the bottom of the text box you are working in is all you need to do.
See image attached below.
This should give you the idea on where this feature is. Note that there is a total size limit of attached files of 4 per post, and maximum total file size of 192KB, one file maximum of 200KB.
It seems that a post re whatever symptoms your computer has is missing; all that one can see are the various logs of scans run. No obvious information as to type of operating system, avast! version, name of malware detected, etc. To help here, please read and follow the http://forum.avast.com/index.php?topic=53253.0 post by essexboy on how to post logs in cleaning malware.
A certified malware specialist will be along shortly. Hope this helps.