
Solved Multiple system attacks

Discussion in 'Malware and Virus Removal Archive' started by Jim911Fire, 2012/02/03.

  1. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Joined:
    2005/10/18
    Messages:
    27
    Likes Received:
    0
    Chrome is installed. I had only used it a few times and stopped. It does not appear to be affected.

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 12:06 on 04/02/2012 (Jim)
    Firefox version 9.0.1 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [15:34 26/01/2012]

    C:\Users\Jim\Application Data\Mozilla\Firefox\Profiles\lf4vcbly.default\extensions\
    {D02B1E87-A8C6-433f-9B5C-2CEC4A072736}-trash [04:48 27/07/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    (none)

    -=E.O.F=-
     
  2. 2012/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
      SRV - File not found [Disabled | Stopped] -- -- (NetTcpActivator)
      SRV - File not found [Disabled | Stopped] -- -- (NetPipeActivator)
      SRV - File not found [Disabled | Stopped] -- -- (NetMsmqActivator)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = 127.0.0.1:9421
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = 127.0.0.1:9421
      FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
      O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: ca.gov ([cadweb.fire] https in Trusted sites)
      O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
      O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
      O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanc...instmodule.exe (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2010/10/06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\WORK TIMELINE.xls:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\VFC 13 - Where are they now.xls:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\UNIBLUE - Order Number.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Ten Standing Orders for Local Leadership.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Station Fire Review, Observations, and Recommendations.pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Deposit envelope LAFCU.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\CSFA Preplan.pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\activision code.doc:Roxio EMC Stream
      @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:0B4227B4
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     


  4. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    OTL logfile created on: 2/4/2012 12:32:31 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jim\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.78% Memory free
    8.99 Gb Paging File | 7.52 Gb Available in Paging File | 83.59% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.71 Gb Total Space | 17.28 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
    Drive D: | 149.05 Gb Total Space | 140.30 Gb Free Space | 94.13% Space Free | Partition Type: NTFS
    Drive E: | 7.27 Gb Total Space | 0.72 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
    Drive F: | 1.08 Gb Total Space | 1.04 Gb Free Space | 96.09% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/02 19:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    PRC - [2011/11/06 16:00:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/09/01 16:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    PRC - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 16:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/04/23 17:11:44 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    PRC - [2007/04/23 17:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
    SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
    SRV - File not found [Disabled | Stopped] -- -- (NetTcpActivator)
    SRV - File not found [Disabled | Stopped] -- -- (NetPipeActivator)
    SRV - File not found [Disabled | Stopped] -- -- (NetMsmqActivator)
    SRV - File not found [Auto | Stopped] -- -- (ArcGIS License Manager)
    SRV - [2012/01/31 15:18:31 | 003,342,112 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_e286960.dll -- (Akamai)
    SRV - [2011/11/06 16:00:48 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/10/12 16:01:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/07/03 13:00:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
    SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
    SRV - [2010/03/10 17:12:52 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2010/03/10 17:10:46 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2008/04/15 16:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/04/23 17:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2007/04/23 17:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2007/01/09 13:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/01 14:44:06 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/11/15 20:09:50 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
    DRV - [2011/11/06 16:00:46 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/11/06 16:00:46 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2011/09/16 21:40:01 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011/08/17 10:49:31 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2011/08/17 10:28:50 | 000,013,224 | ---- | M] (Chicony) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\i8042HDR.sys -- (i8042HDR)
    DRV - [2011/07/01 01:01:20 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2011/04/12 12:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/10/06 15:19:16 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/03/10 17:02:30 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2010/03/10 17:00:10 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2010/03/10 15:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/02/24 23:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
    DRV - [2009/09/02 02:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/07/16 07:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
    DRV - [2009/07/16 07:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
    DRV - [2009/07/16 07:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuhsser.sys -- (GTUHSSER)
    DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
    DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/11/20 21:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/08/23 06:29:42 | 000,037,120 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtuqbus.sys -- (GTUQBUS)
    DRV - [2007/08/23 06:29:42 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2007/03/01 04:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/02/24 06:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 09:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/30 09:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421



    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: {D02B1E87-A8C6-433f-9B5C-2CEC4A072736}:04.10.01.03
    FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003
    FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
    FF - prefs.js..network.proxy.no_proxies_on: "*.local "


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Jim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 4\components [2011/11/10 08:52:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins [2011/11/10 08:52:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/26 07:34:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 08:52:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/02 15:31:48 | 000,000,000 | ---D | M]

    [2010/07/02 16:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
    [2012/02/03 20:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lf4vcbly.default\extensions
    [2010/07/02 16:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\lf4vcbly.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}-trash
    [2012/01/26 07:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LF4VCBLY.DEFAULT\EXTENSIONS\ADMIN@YOUTUBEFOR2012.COM.XPI
    () (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LF4VCBLY.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
    () (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LF4VCBLY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
    [2011/12/20 23:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
     
  5. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/31 19:39:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: ca.gov ([cadweb.fire] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advan...amfrogweb.com-advanced-2.0.2.3_instmodule.exe (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44B791D8-773B-4AD9-8574-237F0B38F98D}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/04 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\GooredFix Backups
    [2012/02/04 12:06:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Jim\Desktop\GooredFix.exe
    [2012/02/04 08:14:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C082FD9F-FC9E-44FE-A5DD-1E1DB0C808D7}
    [2012/02/03 21:57:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/03 20:30:57 | 004,394,794 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/02/03 13:08:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{112A2373-C6F5-4144-AF19-1D43EA7CEE26}
    [2012/02/03 13:07:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0B03A76C-B5B7-47CD-8C41-F3F1AE1FB81E}
    [2012/02/03 13:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\MSNInstaller
    [2012/02/03 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6D896E0F-E7EA-49C0-B264-8E846057CFB5}
    [2012/02/03 12:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{797B7ED0-6687-44AB-AEE6-8C898EA4B0AB}
    [2012/02/03 10:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\email storage
    [2012/02/03 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{98B04880-C883-4BDF-A3EE-046EF25D6BC3}
    [2012/02/03 10:30:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2218FAA8-C6EB-45BE-B945-179FEC678838}
    [2012/02/03 00:41:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1ADFA923-2437-44F5-B95C-9BCDDD4A895D}
    [2012/02/02 23:17:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D385A999-D1CD-4A55-BB34-69A02C342266}
    [2012/02/02 23:17:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E22E55B4-812A-4484-8CF3-D8B4A357B15B}
    [2012/02/02 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7FF10DF5-140A-4FCC-A539-043DA5AA28F9}
    [2012/02/02 21:26:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{92C37439-6CB8-40D4-99BC-0CE8DA6572B9}
    [2012/02/02 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BF344893-5817-4689-A189-DADC9EE5F6B3}
    [2012/02/02 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FEA46AD1-8CDB-4F78-8133-37F5D7192EA6}
    [2012/02/02 19:56:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/02/02 18:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/02/02 18:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/02/02 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/02/02 17:53:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{139002A5-A096-4A2F-8C39-4CB98B09CB83}
    [2012/02/02 17:52:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{24B3C0C1-9079-42CD-8E1A-11C2BDFB428F}
    [2012/02/01 21:23:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1EB4BC61-EA55-4179-A669-DBE984895C1E}
    [2012/02/01 21:23:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8E384797-DF3E-4422-891A-649EE6EDE912}
    [2012/02/01 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{574F5EAB-B572-416E-ACE4-00F853A7B242}
    [2012/02/01 18:57:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C7D4CE4E-4402-48EB-9467-A6BAA81FED9F}
    [2012/02/01 11:40:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5B6F2543-16FE-4122-BE9B-836FE94C69AA}
    [2012/02/01 11:39:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8B602684-D8FF-4C30-9775-4DA31530BAFA}
    [2012/01/31 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\temp
    [2012/01/31 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{DCA7A2D2-BA44-4B7F-B272-CE98CE94E430}
    [2012/01/31 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CAD27975-520A-4956-A87A-763775D5F359}
    [2012/01/31 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2F8888DE-2B1F-4D00-BAEF-A4100911534A}
    [2012/01/31 14:54:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B3871551-51CA-4FF1-832A-95D769620FD5}
    [2012/01/31 14:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/01/31 14:37:08 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/01/31 14:37:08 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/01/31 14:37:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/01/31 14:37:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/01/30 22:38:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FD9534F8-D348-4C58-A9DD-F38A03BDC413}
    [2012/01/30 22:38:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EA3F6A93-1475-4936-A897-B6AC955EFA71}
    [2012/01/30 09:20:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Avira
    [2012/01/30 09:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/01/30 09:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/01/30 00:19:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/30 00:19:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/30 00:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/30 00:19:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 00:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/29 22:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0020517A-7462-42F4-AC2D-70C1A6595554}
    [2012/01/29 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D428D4FB-808C-4419-A62E-844C0694DFE4}
    [2012/01/28 21:51:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CC9EB423-2C06-4DEC-AE02-0DECDBE1338E}
    [2012/01/28 21:51:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2C51C2D1-1E36-4E9A-9C86-98553B989451}
    [2012/01/25 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{58D5DC70-3DCA-4A67-A1AF-87A329658937}
    [2012/01/25 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6D43E982-D4D1-45D7-B953-590705E5D188}
    [2012/01/25 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2012/01/25 16:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F1DFE142-FCC9-4C3B-817D-813A0F4CD057}
    [2012/01/25 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{4B5038CD-44B8-4693-B45F-A68E36EB5D38}
    [2012/01/25 00:21:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{329EC6E0-C8B1-4522-844C-22D3DF73A1D5}
    [2012/01/25 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{89F001E8-1041-45C5-BDBB-C8FBEFDB522E}
    [2012/01/24 10:35:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5236C534-F9B3-46B5-8253-1F19AE2DCAB8}
    [2012/01/24 10:35:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2A4C67E8-254F-4C2D-AC35-AC5CDE6C5346}
    [2012/01/23 21:57:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D138BDC8-4EA1-4F71-8FC1-B3A90C04FCDE}
    [2012/01/23 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{064965A4-ECB1-4913-B171-F7C5D6B1BE24}
    [2012/01/22 19:46:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F602AB2C-2D1B-4DC2-B1C6-8FC3D07A6F77}
    [2012/01/22 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{455DEFF9-2257-41E2-93D4-378668D3E394}
    [2012/01/22 16:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/01/22 16:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/01/20 21:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A34090C8-74FC-45AC-85EA-BD601C0B98F2}
    [2012/01/20 21:22:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{03EAB1DF-6322-4632-AD97-3925793E1CAE}
    [2012/01/20 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F5B840F0-8339-4B5F-99C1-D11E79DEA112}
    [2012/01/20 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B06E515D-0844-45DB-A514-D7D5FD2A1003}
    [2012/01/19 16:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B62551F8-BD5E-4250-BEA3-D2D95B0A6583}
    [2012/01/18 21:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0A890FB9-60A3-4887-A523-8EF968F6EA63}
    [2012/01/18 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C559914D-4B10-4545-B736-278CB0B92268}
    [2012/01/17 21:27:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{286AA0EB-68F2-4FFD-B28C-32544268F25D}
    [2012/01/17 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3B41190A-30C2-464A-9ABE-FD6F78D9A7E6}
    [2012/01/17 21:25:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0C1BD8CE-17A5-4C73-9943-8C93FC59C559}
    [2012/01/17 21:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3F933675-7A40-405F-BA4B-0F74A041FD55}
    [2012/01/16 21:12:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5EA93AC1-8CDF-406E-81F8-D60FCE05A70B}
    [2012/01/16 21:12:33 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3705F6FF-D6F8-48EF-92BE-B0C707429A57}
    [2012/01/16 18:53:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{40230CA4-29F9-4E1B-83DE-CE875FB120AE}
    [2012/01/16 18:52:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{53FA5E8B-B187-4FB3-820A-7FA79C6D1097}
    [2012/01/16 10:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{02C76EA5-DC07-4880-A953-1AF5E609382E}
    [2012/01/16 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{86570867-E2AE-4B64-95EA-21370FD0FD03}
    [2012/01/16 09:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1FB0D6CD-9EB2-4298-933C-2929D43743E6}
    [2012/01/16 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B1F86998-E471-40E7-8510-E68B926FE8EF}
    [2012/01/13 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E76747F9-FE11-45C1-990F-986A99CA1BE0}
    [2012/01/13 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7BD64BD1-54B5-43C8-B3A2-9C1262E93149}
    [2012/01/12 22:49:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{74A64CDD-E886-4A61-9669-816095380105}
    [2012/01/12 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{17568FC1-E11C-48B1-BAD2-2453C5AE1466}
    [2012/01/12 16:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9A2CBB75-2822-4FC5-8FA8-CDD91A7CB1EE}
    [2012/01/11 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{72A6593C-15CB-4D9F-B03D-420BF4643A11}
    [2012/01/11 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5568FB31-AC5A-4CE8-A6E4-A6470932C191}
    [2012/01/09 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{34AF53AA-57FC-4E21-9492-A6299FE56CD6}
    [2012/01/09 22:05:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{986DFB5D-919B-4032-B021-F73181F13872}
    [2012/01/07 20:09:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{AEC1D457-871D-4671-AFD4-1AFC5CD22ABE}
    [2012/01/07 20:09:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F639AC1B-6B4C-4CB4-9C78-C1D77A774AAB}
    [2012/01/07 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A14B9DA0-7A58-4ACB-BEB9-23DD41E1DDA9}
    [2012/01/07 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9966E467-D0FF-49C4-84CF-CD035FE79668}
    [2012/01/06 22:51:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{962555A7-5FE0-4145-BCA6-C9ADC2986787}
    [2012/01/06 22:51:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B34BA275-449E-4E98-9F77-2DCB9E820C0D}
    [2012/01/06 13:56:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F394834A-1715-4347-8A7B-589CE22D490A}
    [2012/01/06 13:55:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D3DA910C-8F67-41C0-B200-E87EC5B2FE91}
    [2012/01/06 10:31:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C413AF6F-86F9-484D-AAAC-F8D07D5AD865}
    [2012/01/06 10:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CDA2156C-0764-445A-AAE7-47EEC65C12D9}
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Jim\*.tmp files -> C:\Users\Jim\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/04 12:06:09 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Jim\Desktop\GooredFix.exe
    [2012/02/04 12:03:16 | 000,002,203 | ---- | M] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
    [2012/02/04 11:38:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/04 10:30:30 | 000,713,806 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/04 10:30:30 | 000,141,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/04 08:14:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/04 08:06:08 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 08:06:08 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 07:57:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/04 07:56:44 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/03 20:32:02 | 004,394,794 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/02/03 13:50:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/02/02 20:28:22 | 000,705,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/02 19:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/02/02 18:29:26 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 19:55:03 | 001,265,087 | ---- | M] () -- C:\Users\Jim\Desktop\Gaining a Basic Understanding.pdf
    [2012/02/01 19:49:30 | 000,000,402 | ---- | M] () -- C:\Users\Jim\Desktop\Login - NIFTT.website
    [2012/02/01 14:44:06 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/02/01 13:42:53 | 000,000,512 | ---- | M] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/01/31 19:39:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120202-195838.backup
    [2012/01/31 19:39:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/30 22:03:17 | 007,772,316 | ---- | M] () -- C:\Users\Jim\Documents\The_Tustin_Hangars.pdf
    [2012/01/30 20:17:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/01/30 10:21:08 | 000,752,745 | ---- | M] () -- C:\Users\Jim\AppData\Local\census.cache
    [2012/01/30 10:20:57 | 000,228,573 | ---- | M] () -- C:\Users\Jim\AppData\Local\ars.cache
    [2012/01/30 09:05:22 | 000,294,061 | ---- | M] () -- C:\Users\Jim\Documents\2012 Confined Space Recert.pdf
    [2012/01/29 01:16:42 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012/01/29 01:16:42 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2012/01/27 21:41:24 | 000,001,055 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2012/01/27 21:39:19 | 000,000,420 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/01/26 07:35:17 | 000,001,851 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/01/26 07:34:48 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/22 17:05:09 | 000,000,036 | ---- | M] () -- C:\Users\Jim\AppData\Local\housecall.guid.cache
    [2012/01/18 22:39:53 | 000,594,808 | ---- | M] () -- C:\Users\Jim\Documents\US HealthWorks.pdf
    [2012/01/18 21:24:52 | 000,808,066 | ---- | M] () -- C:\Users\Jim\Documents\2012 RPP Letter.pdf
    [2012/01/18 14:25:14 | 000,146,440 | ---- | M] () -- C:\Users\Jim\Documents\STD678.pdf
    [2012/01/16 20:54:21 | 000,472,734 | ---- | M] () -- C:\Users\Jim\Documents\erd.bmp
    [2012/01/06 14:15:19 | 000,000,065 | ---- | M] () -- C:\Users\Jim\Desktop\MyLab Mastering Pearson.URL
    [2012/01/06 10:36:00 | 000,000,093 | ---- | M] () -- C:\Users\Jim\Desktop\Pearson Learning Solutions Long Beach City College.URL
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Jim\*.tmp files -> C:\Users\Jim\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/04 12:03:16 | 000,002,203 | ---- | C] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
    [2012/02/02 18:29:26 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 19:55:03 | 001,265,087 | ---- | C] () -- C:\Users\Jim\Desktop\Gaining a Basic Understanding.pdf
    [2012/02/01 13:42:53 | 000,000,512 | ---- | C] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/01/30 22:03:17 | 007,772,316 | ---- | C] () -- C:\Users\Jim\Documents\The_Tustin_Hangars.pdf
    [2012/01/30 09:05:22 | 000,294,061 | ---- | C] () -- C:\Users\Jim\Documents\2012 Confined Space Recert.pdf
    [2012/01/30 08:57:42 | 000,000,402 | ---- | C] () -- C:\Users\Jim\Desktop\Login - NIFTT.website
    [2012/01/30 00:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/30 00:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/30 00:19:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/30 00:19:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/30 00:19:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/27 21:56:26 | 2414,682,112 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/27 21:41:24 | 000,001,055 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2012/01/27 21:39:18 | 000,000,420 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/01/22 20:28:59 | 000,752,745 | ---- | C] () -- C:\Users\Jim\AppData\Local\census.cache
    [2012/01/22 20:27:29 | 000,228,573 | ---- | C] () -- C:\Users\Jim\AppData\Local\ars.cache
    [2012/01/18 22:39:53 | 000,594,808 | ---- | C] () -- C:\Users\Jim\Documents\US HealthWorks.pdf
    [2012/01/18 21:24:52 | 000,808,066 | ---- | C] () -- C:\Users\Jim\Documents\2012 RPP Letter.pdf
    [2012/01/18 14:25:13 | 000,146,440 | ---- | C] () -- C:\Users\Jim\Documents\STD678.pdf
    [2012/01/16 20:53:25 | 000,472,734 | ---- | C] () -- C:\Users\Jim\Documents\erd.bmp
    [2012/01/06 14:15:19 | 000,000,065 | ---- | C] () -- C:\Users\Jim\Desktop\MyLab Mastering Pearson.URL
    [2012/01/06 10:36:00 | 000,000,093 | ---- | C] () -- C:\Users\Jim\Desktop\Pearson Learning Solutions Long Beach City College.URL
    [2011/09/13 17:51:15 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2011/09/13 15:21:02 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
    [2011/05/11 20:31:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4D5CFEE444.sys
    [2011/05/11 20:31:12 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/04/20 09:23:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/20 09:23:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/02/09 20:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/11/27 12:44:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/12 23:50:07 | 000,000,036 | ---- | C] () -- C:\Users\Jim\AppData\Local\housecall.guid.cache
    [2010/10/06 15:02:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/08/05 20:02:38 | 000,007,610 | ---- | C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
    [2010/07/13 19:57:38 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\prvlcl.dat
    [2010/07/08 16:10:39 | 000,218,199 | ---- | C] () -- C:\Windows\hpwins14.dat
    [2010/07/08 16:10:38 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
    [2010/07/07 09:29:07 | 000,182,023 | ---- | C] () -- C:\Windows\hpwins14.dat.osupcopy
    [2010/07/07 09:28:46 | 000,179,661 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
    [2010/07/07 09:28:45 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
    [2010/07/04 18:12:59 | 000,013,824 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/02 17:11:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/07/02 16:34:08 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2010/07/02 16:25:27 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/04/01 23:55:08 | 000,018,414 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
    [2010/02/08 07:23:01 | 000,023,110 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/02/08 07:03:25 | 000,077,374 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2009/12/18 23:23:39 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009/11/07 12:29:59 | 000,002,332 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
    [2009/09/17 09:25:19 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/16 11:52:57 | 000,188,627 | ---- | C] () -- C:\Windows\hpwins22.dat
    [2009/07/16 11:52:57 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
    [2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:33:53 | 000,705,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 18:05:48 | 000,713,806 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 18:05:48 | 000,141,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/07 05:44:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/06/19 10:20:51 | 000,151,692 | ---- | C] () -- C:\Windows\hpqins00.dat
    [2009/06/14 22:53:16 | 000,000,004 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\3084DF
    [2009/06/14 22:53:15 | 000,870,128 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\mcs.rma
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/03/12 17:58:28 | 000,102,400 | ---- | C] () -- C:\Windows\NOAA_32.DLL
    [2009/02/26 20:54:57 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
    [2009/02/15 23:24:01 | 000,441,856 | ---- | C] () -- C:\Program Files\xpodclone.exe
    [2009/02/15 12:40:21 | 000,027,145 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\nvModes.001
    [2009/02/15 12:40:18 | 000,027,145 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\nvModes.dat
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/08/22 10:05:42 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
    [2007/06/19 03:22:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
    [2007/06/19 03:22:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
    [2007/06/19 03:06:53 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/02/27 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/07 04:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2010/07/02 16:06:04 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Bytemobile
    [2010/07/02 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\acccore
    [2011/08/20 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Amazon
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AT&T
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
    [2011/04/30 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG
    [2011/02/09 19:03:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG9
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Blackberry Desktop
    [2010/09/27 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Blitware
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Bytemobile
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DriverCure
    [2012/02/04 08:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Dropbox
    [2010/07/12 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\eFax Messenger
    [2011/10/12 10:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\esri
    [2010/07/02 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Facebook
    [2011/02/25 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Fluent
    [2011/02/09 11:25:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GARMIN
    [2010/04/06 16:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GetRightToGo
    [2010/07/12 15:00:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\j2 Global
    [2010/07/02 16:08:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\JExpress
    [2012/02/03 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MSNInstaller
    [2010/07/02 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NCH Swift Sound
    [2011/09/13 17:51:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\OpenCandy
    [2012/01/30 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PrimoPDF
    [2010/09/29 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Research In Motion
    [2010/07/02 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Sierra Wireless
    [2010/08/06 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SystemRequirementsLab
    [2010/07/02 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
    [2010/01/17 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\The Ringtone Maker Plus
    [2010/10/06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
    [2010/07/02 16:09:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WildTangent
    [2010/11/12 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
    [2011/10/17 08:13:56 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < Code: >

    < >

    < :OTL >

    < SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing) >

    < SRV - File not found [Disabled | Stopped] -- -- (NetTcpActivator) >

    < SRV - File not found [Disabled | Stopped] -- -- (NetPipeActivator) >

    < SRV - File not found [Disabled | Stopped] -- -- (NetMsmqActivator) >

    < IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found >

    < IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421 >

    < IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found >

    < IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421 >

    < FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003 >

    < O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) >

    < O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) >

    < O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

    < O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. >

    < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

    < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. >

    < O3 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) >

    < O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: ca.gov ([cadweb.fire] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Ranges: Range1 ([http] in Local intranet) >

    < O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanc...instmodule.exe (Reg Error: Key error.) >
    Invalid Switch: advanc...instmodule.exe (Reg Error: Key error.)


    < O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) >

    < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
    Invalid Switch: gp.cab (Reg Error: Key error.)


    < [2010/10/06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue >
    Invalid Switch: 06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue


    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\WORK TIMELINE.xls:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\VFC 13 - Where are they now.xls:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\UNIBLUE - Order Number.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Ten Standing Orders for Local Leadership.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Station Fire Review, Observations, and Recommendations.pdf:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Deposit envelope LAFCU.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\CSFA Preplan.pdf:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\activision code.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:0B4227B4 >

    < @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34 >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyjava] >

    < [emptyflash] >

    < [Reboot] >

    ========== Files - Unicode (All) ==========
    [2010/01/23 17:08:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\衰ğ
    [2010/01/23 17:08:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\衰ğ
    [2009/12/07 11:43:21 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\澠Ĺ
    [2009/12/07 11:43:21 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\澠Ĺ
    [2009/11/07 15:19:20 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꑘŊ
    [2009/11/07 15:19:20 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꑘŊ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\WORK TIMELINE.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\VFC 13 - Where are they now.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\UNIBLUE - Order Number.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Ten Standing Orders for Local Leadership.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Station Fire Review, Observations, and Recommendations.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Deposit envelope LAFCU.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\CSFA Preplan.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\activision code.doc:Roxio EMC Stream
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34

    < End of report >
     
  6. 2012/02/04
    Jim911Fire

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/01/31 19:39:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: ca.gov ([cadweb.fire] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advan...amfrogweb.com-advanced-2.0.2.3_instmodule.exe (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44B791D8-773B-4AD9-8574-237F0B38F98D}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/04 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\GooredFix Backups
    [2012/02/04 12:06:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Jim\Desktop\GooredFix.exe
    [2012/02/04 08:14:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C082FD9F-FC9E-44FE-A5DD-1E1DB0C808D7}
    [2012/02/03 21:57:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/03 20:30:57 | 004,394,794 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/02/03 13:08:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{112A2373-C6F5-4144-AF19-1D43EA7CEE26}
    [2012/02/03 13:07:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0B03A76C-B5B7-47CD-8C41-F3F1AE1FB81E}
    [2012/02/03 13:02:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\MSNInstaller
    [2012/02/03 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6D896E0F-E7EA-49C0-B264-8E846057CFB5}
    [2012/02/03 12:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{797B7ED0-6687-44AB-AEE6-8C898EA4B0AB}
    [2012/02/03 10:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\email storage
    [2012/02/03 10:31:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{98B04880-C883-4BDF-A3EE-046EF25D6BC3}
    [2012/02/03 10:30:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2218FAA8-C6EB-45BE-B945-179FEC678838}
    [2012/02/03 00:41:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1ADFA923-2437-44F5-B95C-9BCDDD4A895D}
    [2012/02/02 23:17:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D385A999-D1CD-4A55-BB34-69A02C342266}
    [2012/02/02 23:17:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E22E55B4-812A-4484-8CF3-D8B4A357B15B}
    [2012/02/02 21:27:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7FF10DF5-140A-4FCC-A539-043DA5AA28F9}
    [2012/02/02 21:26:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{92C37439-6CB8-40D4-99BC-0CE8DA6572B9}
    [2012/02/02 20:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BF344893-5817-4689-A189-DADC9EE5F6B3}
    [2012/02/02 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FEA46AD1-8CDB-4F78-8133-37F5D7192EA6}
    [2012/02/02 19:56:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/02/02 18:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/02/02 18:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/02/02 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/02/02 17:53:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{139002A5-A096-4A2F-8C39-4CB98B09CB83}
    [2012/02/02 17:52:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{24B3C0C1-9079-42CD-8E1A-11C2BDFB428F}
    [2012/02/01 21:23:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1EB4BC61-EA55-4179-A669-DBE984895C1E}
    [2012/02/01 21:23:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8E384797-DF3E-4422-891A-649EE6EDE912}
    [2012/02/01 18:57:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{574F5EAB-B572-416E-ACE4-00F853A7B242}
    [2012/02/01 18:57:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C7D4CE4E-4402-48EB-9467-A6BAA81FED9F}
    [2012/02/01 11:40:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5B6F2543-16FE-4122-BE9B-836FE94C69AA}
    [2012/02/01 11:39:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8B602684-D8FF-4C30-9775-4DA31530BAFA}
    [2012/01/31 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\temp
    [2012/01/31 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{DCA7A2D2-BA44-4B7F-B272-CE98CE94E430}
    [2012/01/31 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CAD27975-520A-4956-A87A-763775D5F359}
    [2012/01/31 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2F8888DE-2B1F-4D00-BAEF-A4100911534A}
    [2012/01/31 14:54:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B3871551-51CA-4FF1-832A-95D769620FD5}
    [2012/01/31 14:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/01/31 14:37:08 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/01/31 14:37:08 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/01/31 14:37:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/01/31 14:37:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/01/30 22:38:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FD9534F8-D348-4C58-A9DD-F38A03BDC413}
    [2012/01/30 22:38:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EA3F6A93-1475-4936-A897-B6AC955EFA71}
    [2012/01/30 09:20:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Avira
    [2012/01/30 09:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2012/01/30 09:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/01/30 00:19:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/30 00:19:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/30 00:19:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/30 00:19:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 00:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/29 22:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0020517A-7462-42F4-AC2D-70C1A6595554}
    [2012/01/29 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D428D4FB-808C-4419-A62E-844C0694DFE4}
    [2012/01/28 21:51:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CC9EB423-2C06-4DEC-AE02-0DECDBE1338E}
    [2012/01/28 21:51:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2C51C2D1-1E36-4E9A-9C86-98553B989451}
    [2012/01/25 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{58D5DC70-3DCA-4A67-A1AF-87A329658937}
    [2012/01/25 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6D43E982-D4D1-45D7-B953-590705E5D188}
    [2012/01/25 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2012/01/25 16:42:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F1DFE142-FCC9-4C3B-817D-813A0F4CD057}
    [2012/01/25 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{4B5038CD-44B8-4693-B45F-A68E36EB5D38}
    [2012/01/25 00:21:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{329EC6E0-C8B1-4522-844C-22D3DF73A1D5}
    [2012/01/25 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{89F001E8-1041-45C5-BDBB-C8FBEFDB522E}
    [2012/01/24 10:35:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5236C534-F9B3-46B5-8253-1F19AE2DCAB8}
    [2012/01/24 10:35:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2A4C67E8-254F-4C2D-AC35-AC5CDE6C5346}
    [2012/01/23 21:57:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D138BDC8-4EA1-4F71-8FC1-B3A90C04FCDE}
    [2012/01/23 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{064965A4-ECB1-4913-B171-F7C5D6B1BE24}
    [2012/01/22 19:46:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F602AB2C-2D1B-4DC2-B1C6-8FC3D07A6F77}
    [2012/01/22 19:45:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{455DEFF9-2257-41E2-93D4-378668D3E394}
    [2012/01/22 16:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2012/01/22 16:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/01/20 21:23:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A34090C8-74FC-45AC-85EA-BD601C0B98F2}
    [2012/01/20 21:22:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{03EAB1DF-6322-4632-AD97-3925793E1CAE}
    [2012/01/20 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F5B840F0-8339-4B5F-99C1-D11E79DEA112}
    [2012/01/20 20:57:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B06E515D-0844-45DB-A514-D7D5FD2A1003}
    [2012/01/19 16:21:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B62551F8-BD5E-4250-BEA3-D2D95B0A6583}
    [2012/01/18 21:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0A890FB9-60A3-4887-A523-8EF968F6EA63}
    [2012/01/18 21:24:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C559914D-4B10-4545-B736-278CB0B92268}
    [2012/01/17 21:27:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{286AA0EB-68F2-4FFD-B28C-32544268F25D}
    [2012/01/17 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3B41190A-30C2-464A-9ABE-FD6F78D9A7E6}
    [2012/01/17 21:25:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0C1BD8CE-17A5-4C73-9943-8C93FC59C559}
    [2012/01/17 21:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3F933675-7A40-405F-BA4B-0F74A041FD55}
    [2012/01/16 21:12:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5EA93AC1-8CDF-406E-81F8-D60FCE05A70B}
    [2012/01/16 21:12:33 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3705F6FF-D6F8-48EF-92BE-B0C707429A57}
    [2012/01/16 18:53:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{40230CA4-29F9-4E1B-83DE-CE875FB120AE}
    [2012/01/16 18:52:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{53FA5E8B-B187-4FB3-820A-7FA79C6D1097}
    [2012/01/16 10:49:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{02C76EA5-DC07-4880-A953-1AF5E609382E}
    [2012/01/16 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{86570867-E2AE-4B64-95EA-21370FD0FD03}
    [2012/01/16 09:14:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1FB0D6CD-9EB2-4298-933C-2929D43743E6}
    [2012/01/16 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B1F86998-E471-40E7-8510-E68B926FE8EF}
    [2012/01/13 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E76747F9-FE11-45C1-990F-986A99CA1BE0}
    [2012/01/13 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7BD64BD1-54B5-43C8-B3A2-9C1262E93149}
    [2012/01/12 22:49:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{74A64CDD-E886-4A61-9669-816095380105}
    [2012/01/12 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{17568FC1-E11C-48B1-BAD2-2453C5AE1466}
    [2012/01/12 16:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9A2CBB75-2822-4FC5-8FA8-CDD91A7CB1EE}
    [2012/01/11 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{72A6593C-15CB-4D9F-B03D-420BF4643A11}
    [2012/01/11 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5568FB31-AC5A-4CE8-A6E4-A6470932C191}
    [2012/01/09 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{34AF53AA-57FC-4E21-9492-A6299FE56CD6}
    [2012/01/09 22:05:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{986DFB5D-919B-4032-B021-F73181F13872}
    [2012/01/07 20:09:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{AEC1D457-871D-4671-AFD4-1AFC5CD22ABE}
    [2012/01/07 20:09:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F639AC1B-6B4C-4CB4-9C78-C1D77A774AAB}
    [2012/01/07 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A14B9DA0-7A58-4ACB-BEB9-23DD41E1DDA9}
    [2012/01/07 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9966E467-D0FF-49C4-84CF-CD035FE79668}
    [2012/01/06 22:51:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{962555A7-5FE0-4145-BCA6-C9ADC2986787}
    [2012/01/06 22:51:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B34BA275-449E-4E98-9F77-2DCB9E820C0D}
    [2012/01/06 13:56:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F394834A-1715-4347-8A7B-589CE22D490A}
    [2012/01/06 13:55:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D3DA910C-8F67-41C0-B200-E87EC5B2FE91}
    [2012/01/06 10:31:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C413AF6F-86F9-484D-AAAC-F8D07D5AD865}
    [2012/01/06 10:30:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CDA2156C-0764-445A-AAE7-47EEC65C12D9}
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Jim\*.tmp files -> C:\Users\Jim\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/04 12:06:09 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Jim\Desktop\GooredFix.exe
    [2012/02/04 12:03:16 | 000,002,203 | ---- | M] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
    [2012/02/04 11:38:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/04 10:30:30 | 000,713,806 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/04 10:30:30 | 000,141,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/04 08:14:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/04 08:06:08 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 08:06:08 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/04 07:57:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/04 07:56:44 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/03 20:32:02 | 004,394,794 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
    [2012/02/03 13:50:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/02/02 20:28:22 | 000,705,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/02 19:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2012/02/02 18:29:26 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 19:55:03 | 001,265,087 | ---- | M] () -- C:\Users\Jim\Desktop\Gaining a Basic Understanding.pdf
    [2012/02/01 19:49:30 | 000,000,402 | ---- | M] () -- C:\Users\Jim\Desktop\Login - NIFTT.website
    [2012/02/01 14:44:06 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/02/01 13:42:53 | 000,000,512 | ---- | M] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/01/31 19:39:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120202-195838.backup
    [2012/01/31 19:39:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/30 22:03:17 | 007,772,316 | ---- | M] () -- C:\Users\Jim\Documents\The_Tustin_Hangars.pdf
    [2012/01/30 20:17:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/01/30 10:21:08 | 000,752,745 | ---- | M] () -- C:\Users\Jim\AppData\Local\census.cache
    [2012/01/30 10:20:57 | 000,228,573 | ---- | M] () -- C:\Users\Jim\AppData\Local\ars.cache
    [2012/01/30 09:05:22 | 000,294,061 | ---- | M] () -- C:\Users\Jim\Documents\2012 Confined Space Recert.pdf
    [2012/01/29 01:16:42 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2012/01/29 01:16:42 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2012/01/27 21:41:24 | 000,001,055 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2012/01/27 21:39:19 | 000,000,420 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/01/26 07:35:17 | 000,001,851 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/01/26 07:34:48 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/01/22 17:05:09 | 000,000,036 | ---- | M] () -- C:\Users\Jim\AppData\Local\housecall.guid.cache
    [2012/01/18 22:39:53 | 000,594,808 | ---- | M] () -- C:\Users\Jim\Documents\US HealthWorks.pdf
    [2012/01/18 21:24:52 | 000,808,066 | ---- | M] () -- C:\Users\Jim\Documents\2012 RPP Letter.pdf
    [2012/01/18 14:25:14 | 000,146,440 | ---- | M] () -- C:\Users\Jim\Documents\STD678.pdf
    [2012/01/16 20:54:21 | 000,472,734 | ---- | M] () -- C:\Users\Jim\Documents\erd.bmp
    [2012/01/06 14:15:19 | 000,000,065 | ---- | M] () -- C:\Users\Jim\Desktop\MyLab Mastering Pearson.URL
    [2012/01/06 10:36:00 | 000,000,093 | ---- | M] () -- C:\Users\Jim\Desktop\Pearson Learning Solutions Long Beach City College.URL
    [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Jim\*.tmp files -> C:\Users\Jim\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/04 12:03:16 | 000,002,203 | ---- | C] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
    [2012/02/02 18:29:26 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/02/01 19:55:03 | 001,265,087 | ---- | C] () -- C:\Users\Jim\Desktop\Gaining a Basic Understanding.pdf
    [2012/02/01 13:42:53 | 000,000,512 | ---- | C] () -- C:\Users\Jim\Desktop\MBR.dat
    [2012/01/30 22:03:17 | 007,772,316 | ---- | C] () -- C:\Users\Jim\Documents\The_Tustin_Hangars.pdf
    [2012/01/30 09:05:22 | 000,294,061 | ---- | C] () -- C:\Users\Jim\Documents\2012 Confined Space Recert.pdf
    [2012/01/30 08:57:42 | 000,000,402 | ---- | C] () -- C:\Users\Jim\Desktop\Login - NIFTT.website
    [2012/01/30 00:19:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/30 00:19:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/30 00:19:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/30 00:19:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/30 00:19:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/27 21:56:26 | 2414,682,112 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/27 21:41:24 | 000,001,055 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2012/01/27 21:39:18 | 000,000,420 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/01/22 20:28:59 | 000,752,745 | ---- | C] () -- C:\Users\Jim\AppData\Local\census.cache
    [2012/01/22 20:27:29 | 000,228,573 | ---- | C] () -- C:\Users\Jim\AppData\Local\ars.cache
    [2012/01/18 22:39:53 | 000,594,808 | ---- | C] () -- C:\Users\Jim\Documents\US HealthWorks.pdf
    [2012/01/18 21:24:52 | 000,808,066 | ---- | C] () -- C:\Users\Jim\Documents\2012 RPP Letter.pdf
    [2012/01/18 14:25:13 | 000,146,440 | ---- | C] () -- C:\Users\Jim\Documents\STD678.pdf
    [2012/01/16 20:53:25 | 000,472,734 | ---- | C] () -- C:\Users\Jim\Documents\erd.bmp
    [2012/01/06 14:15:19 | 000,000,065 | ---- | C] () -- C:\Users\Jim\Desktop\MyLab Mastering Pearson.URL
    [2012/01/06 10:36:00 | 000,000,093 | ---- | C] () -- C:\Users\Jim\Desktop\Pearson Learning Solutions Long Beach City College.URL
    [2011/09/13 17:51:15 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2011/09/13 15:21:02 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
    [2011/05/11 20:31:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\4D5CFEE444.sys
    [2011/05/11 20:31:12 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/04/20 09:23:12 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/04/20 09:23:12 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/02/09 20:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/11/27 12:44:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/12 23:50:07 | 000,000,036 | ---- | C] () -- C:\Users\Jim\AppData\Local\housecall.guid.cache
    [2010/10/06 15:02:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/08/05 20:02:38 | 000,007,610 | ---- | C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
    [2010/07/13 19:57:38 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\prvlcl.dat
    [2010/07/08 16:10:39 | 000,218,199 | ---- | C] () -- C:\Windows\hpwins14.dat
    [2010/07/08 16:10:38 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
    [2010/07/07 09:29:07 | 000,182,023 | ---- | C] () -- C:\Windows\hpwins14.dat.osupcopy
    [2010/07/07 09:28:46 | 000,179,661 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
    [2010/07/07 09:28:45 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
    [2010/07/04 18:12:59 | 000,013,824 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/02 17:11:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/07/02 16:34:08 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2010/07/02 16:25:27 | 000,000,145 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/04/01 23:55:08 | 000,018,414 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\UserTile.png
    [2010/02/08 07:23:01 | 000,023,110 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/02/08 07:03:25 | 000,077,374 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2009/12/18 23:23:39 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
    [2009/11/07 12:29:59 | 000,002,332 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
    [2009/09/17 09:25:19 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/16 11:52:57 | 000,188,627 | ---- | C] () -- C:\Windows\hpwins22.dat
    [2009/07/16 11:52:57 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
    [2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:33:53 | 000,705,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 18:05:48 | 000,713,806 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 18:05:48 | 000,141,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/07 05:44:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/06/19 10:20:51 | 000,151,692 | ---- | C] () -- C:\Windows\hpqins00.dat
    [2009/06/14 22:53:16 | 000,000,004 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\3084DF
    [2009/06/14 22:53:15 | 000,870,128 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\mcs.rma
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/03/12 17:58:28 | 000,102,400 | ---- | C] () -- C:\Windows\NOAA_32.DLL
    [2009/02/26 20:54:57 | 000,012,858 | ---- | C] () -- C:\Windows\hpwscr14.dat
    [2009/02/15 23:24:01 | 000,441,856 | ---- | C] () -- C:\Program Files\xpodclone.exe
    [2009/02/15 12:40:21 | 000,027,145 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\nvModes.001
    [2009/02/15 12:40:18 | 000,027,145 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\nvModes.dat
    [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/08/22 10:05:42 | 000,026,760 | R--- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
    [2007/06/19 03:22:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
    [2007/06/19 03:22:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
    [2007/06/19 03:06:53 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2007/02/27 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/05/07 04:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2010/07/02 16:06:04 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Bytemobile
    [2010/07/02 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\acccore
    [2011/08/20 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Amazon
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AT&T
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
    [2011/04/30 17:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG
    [2011/02/09 19:03:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG9
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Blackberry Desktop
    [2010/09/27 20:01:23 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Blitware
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Bytemobile
    [2010/07/02 16:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DriverCure
    [2012/02/04 08:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Dropbox
    [2010/07/12 14:59:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\eFax Messenger
    [2011/10/12 10:00:19 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\esri
    [2010/07/02 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Facebook
    [2011/02/25 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Fluent
    [2011/02/09 11:25:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GARMIN
    [2010/04/06 16:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GetRightToGo
    [2010/07/12 15:00:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\j2 Global
    [2010/07/02 16:08:21 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\JExpress
    [2012/02/03 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MSNInstaller
    [2010/07/02 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NCH Swift Sound
    [2011/09/13 17:51:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\OpenCandy
    [2012/01/30 09:00:20 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PrimoPDF
    [2010/09/29 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Research In Motion
    [2010/07/02 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Sierra Wireless
    [2010/08/06 20:44:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SystemRequirementsLab
    [2010/07/02 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
    [2010/01/17 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\The Ringtone Maker Plus
    [2010/10/06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
    [2010/07/02 16:09:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\WildTangent
    [2010/11/12 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
    [2011/10/17 08:13:56 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < Code: >

    < >

    < :OTL >

    < SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing) >

    < SRV - File not found [Disabled | Stopped] -- -- (NetTcpActivator) >

    < SRV - File not found [Disabled | Stopped] -- -- (NetPipeActivator) >

    < SRV - File not found [Disabled | Stopped] -- -- (NetMsmqActivator) >

    < IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found >

    < IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421 >

    < IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found >

    < IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421 >

    < FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.003 >

    < O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) >

    < O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) >

    < O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

    < O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. >

    < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

    < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. >

    < O3 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) >

    < O8 - Extra context menu item: Open with WordPerfect - Reg Error: Value error. File not found >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: ca.gov ([cadweb.fire] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) >

    < O15 - HKU\S-1-5-21-1792262870-2198816888-816497568-1000\..Trusted Ranges: Range1 ([http] in Local intranet) >

    < O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanc...instmodule.exe (Reg Error: Key error.) >
    Invalid Switch: advanc...instmodule.exe (Reg Error: Key error.)


    < O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) >

    < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
    Invalid Switch: gp.cab (Reg Error: Key error.)


    < [2010/10/06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue >
    Invalid Switch: 06 14:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue


    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\WORK TIMELINE.xls:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\VFC 13 - Where are they now.xls:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\UNIBLUE - Order Number.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Ten Standing Orders for Local Leadership.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Station Fire Review, Observations, and Recommendations.pdf:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Deposit envelope LAFCU.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\CSFA Preplan.pdf:Roxio EMC Stream >

    < @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\activision code.doc:Roxio EMC Stream >

    < @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:0B4227B4 >

    < @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34 >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyjava] >

    < [emptyflash] >

    < [Reboot] >

    ========== Files - Unicode (All) ==========
    [2010/01/23 17:08:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\衰ğ
    [2010/01/23 17:08:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\衰ğ
    [2009/12/07 11:43:21 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?L) -- C:\Windows\System32\澠Ĺ
    [2009/12/07 11:43:21 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?L) -- C:\Windows\System32\澠Ĺ
    [2009/11/07 15:19:20 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꑘŊ
    [2009/11/07 15:19:20 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ꑘŊ

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\WORK TIMELINE.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\VFC 13 - Where are they now.xls:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\UNIBLUE - Order Number.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Ten Standing Orders for Local Leadership.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Station Fire Review, Observations, and Recommendations.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\Deposit envelope LAFCU.doc:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\CSFA Preplan.pdf:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Jim\Documents\activision code.doc:Roxio EMC Stream
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:5C321E34

    < End of report >
     
  7. 2012/02/04
    broni

    broni Moderator Malware Analyst

    That's the incorrect log.
    You clicked on "Scan" button instead of "Fix" button.
    Redo.

     
  8. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Sorry, here is the correct log. I'm at work and we need to leave the station for a couple of hrs. I will work on the other items you have listed once we return.

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Service NetTcpPortSharing stopped successfully!
    Service NetTcpPortSharing deleted successfully!
    Service NetTcpActivator stopped successfully!
    Service NetTcpActivator deleted successfully!
    Service NetPipeActivator stopped successfully!
    Service NetPipeActivator deleted successfully!
    Service NetMsmqActivator stopped successfully!
    Service NetMsmqActivator deleted successfully!
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: avg@igeared:4.906.030.003 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ca.gov\cadweb.fire\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1792262870-2198816888-816497568-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {2357B3CF-7F8D-4451-8D81-FD6097610AEE}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2357B3CF-7F8D-4451-8D81-FD6097610AEE}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2357B3CF-7F8D-4451-8D81-FD6097610AEE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2357B3CF-7F8D-4451-8D81-FD6097610AEE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2357B3CF-7F8D-4451-8D81-FD6097610AEE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2357B3CF-7F8D-4451-8D81-FD6097610AEE}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Jim\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\SpeedUpMyPC folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster 2010\history folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster 2010\backup folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster 2010 folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\Registry Booster2 folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\PowerSuite\_temp folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\PowerSuite folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\PixelPerfect\PixelPerfect Album folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\PixelPerfect\MyPresets folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\PixelPerfect\BatchGroup folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\PixelPerfect folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\DriverScanner\_temp folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\DriverScanner\drivers folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue\DriverScanner folder moved successfully.
    C:\Users\Jim\AppData\Roaming\Uniblue folder moved successfully.
    ADS C:\Users\Jim\Documents\WORK TIMELINE.xls:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Jim\Documents\VFC 13 - Where are they now.xls:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Jim\Documents\UNIBLUE - Order Number.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Jim\Documents\Ten Standing Orders for Local Leadership.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Jim\Documents\Station Fire Review, Observations, and Recommendations.pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Jim\Documents\Deposit envelope LAFCU.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Jim\Documents\CSFA Preplan.pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Users\Jim\Documents\activision code.doc:Roxio EMC Stream deleted successfully.
    ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
    ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56545 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 7758 bytes
    ->Temporary Internet Files folder emptied: 299300 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 95605191 bytes
    ->Google Chrome cache emptied: 6733927 bytes
    ->Flash cache emptied: 5124 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2432498 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 588280 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 101.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Jim
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02042012_125923

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\WebEx\Log\24\atashost.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  9. 2012/02/04
    broni

    broni Moderator Malware Analyst

    No problem :)
     
  10. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Here are the remaining items you asked for...

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG PC Tuneup 2011
    Avira Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SUPERAntiSpyware
    AVG PC Tuneup 2011
    Java(TM) 6 Update 30
    Adobe Flash Player 11.0.1.152
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 04-02-2012 01
    Ran by Jim (administrator) on 04-02-2012 at 15:16:20
    Running from "C:\Users\Jim\Desktop "
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****


    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
    C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application
    C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application
    C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
    C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application
    C:\Users\Jim\Downloads\cnet_DownloadXPro_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\Jim\Downloads\powersuite.exe multiple threats
    C:\_OTL\MovedFiles\02042012_125923\C_Users\Jim\AppData\Roaming\Uniblue\PowerSuite\_temp\ub.exe multiple threats
    C:\_OTL\MovedFiles\02042012_125923\C_Users\Jim\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
    C:\_OTL\MovedFiles\02042012_125923\C_Users\Jim\AppData\Roaming\Uniblue\RegistryBooster 2010\_temp\ub.exe Win32/RegistryBooster application
     
  11. 2012/02/04
    broni

    broni Moderator Malware Analyst

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  12. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jim
    ->Temp folder emptied: 700 bytes
    ->Temporary Internet Files folder emptied: 247342 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 88168059 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1040 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34586 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 84.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Jim
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 02042012_194229

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\WebEx\Log\24\atashost.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  13. 2012/02/04
    Jim911Fire

    Jim911Fire Inactive Thread Starter

    Thank You VERY MUCH for all of your assistance!!!
     
  14. 2012/02/04
    broni

    broni Moderator Malware Analyst

    Way to go!!
    Good luck and stay safe :)
     
