  1. #1
    Member

    Keep getting this warning from AVAST

    I posted on Garden Web, Computer Help Forums and was directed to post here by Zep516. I was unable to provide the warning as Garden Web kept blocking it. I am going to try to insert the image which I copied.

    I ran both Malwarebytes and Super Anti spyware and nothing comes up. The warning tends to pop up when I open Firefox but will pop up at other times.

    This is an XP computer, Firefox, Avast, Zone Alarm, Malwarebytes, Super Anti spyware, Spywareblaster

    Jane
    Avast warning.JPG

  2. #2
    zep516 (Member, Spyware Fighter)


    Hi Jane,

    Let's take a complete look at the computer first.

    First

    Please download OTL to your Desktop
    • Double click on the icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Thanks
    Joe

  3. #3
    Member


    Thanks Joe. Hope I do this right.

    OTL logfile created on: 8/17/2014 6:00:29 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jane\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.59% Memory free
    4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.22% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 164.98 Gb Free Space | 70.86% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/08/17 17:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    PRC - [2014/08/05 20:13:47 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2014/07/31 12:00:43 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
    PRC - [2014/07/12 21:00:01 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    PRC - [2013/06/08 00:47:10 | 003,600,896 | ---- | M] (Drive Software Company) -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/08/17 16:52:54 | 002,797,568 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14081701\algo.dll
    MOD - [2014/08/16 16:50:01 | 002,797,568 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14081601\algo.dll
    MOD - [2014/07/12 21:00:04 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/07/12 21:00:02 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
    MOD - [2014/02/13 13:06:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 13:06:24 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll
    MOD - [2014/02/13 13:05:16 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/13 02:08:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/13 02:07:56 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
    MOD - [2014/02/13 02:07:24 | 000,047,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\c3df4e8f29a2ddc185a91e1f95f41555\PresentationFontCache.ni.exe
    MOD - [2014/02/13 02:07:19 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
    MOD - [2014/02/13 02:07:04 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
    MOD - [2014/02/13 02:06:56 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/13 02:06:43 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/06/07 03:06:34 | 001,147,392 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\Clock.dll
    MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2014/08/05 20:13:47 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2014/07/22 21:02:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/07/12 21:00:01 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/07/11 00:07:08 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
    SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2010/11/02 01:10:45 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\npf.sys -- (NPF)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2014/07/12 21:00:20 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/07/12 21:00:06 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/07/12 21:00:06 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/07/12 21:00:06 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/07/12 21:00:06 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/07/12 21:00:06 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/07/12 21:00:06 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/07/12 21:00:05 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
    DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/06/19 22:41:38 | 000,527,976 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/01/21 00:43:00 | 000,816,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2009/03/13 14:23:44 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/06/20 12:08:20 | 000,987,904 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 12:07:42 | 000,268,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2007/06/20 12:07:38 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\SearchScopes,DefaultScope = {94E02DF4-210D-494C-88CE-9DA638A7658E}
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\SearchScopes\{94E02DF4-210D-494C-88CE-9DA638A7658E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-789336058-1644491937-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
    FF - prefs.js..extensions.enabledAddons: %7BB3834E60-12A8-11E0-A289-939FDFD72085%7D:2.0.1
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
    FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.3
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Jane\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/07/22 21:02:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/15 11:20:29 | 000,000,000 | ---D | M]

    [2010/11/01 23:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions
    [2014/07/25 10:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions
    [2013/12/02 13:54:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/12/30 10:39:10 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
    [2014/07/25 10:55:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\foxmarks@kei.com
    [2011/04/06 00:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\nostmp
    [2014/05/27 11:31:15 | 000,133,000 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2012/12/28 11:41:40 | 000,169,939 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\wikilook@testpilot.xpi
    [2013/03/14 13:30:48 | 000,111,028 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
    [2014/07/23 22:34:15 | 000,967,685 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/07/09 11:16:36 | 000,075,008 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
    [2014/07/22 21:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/07/22 21:02:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2014/07/22 21:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/07/22 21:02:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/11/03 22:05:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

    O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-21-789336058-1644491937-682003330-1003..\Run: [AtomicAlarmClock6] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe (Drive Software Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1288669287289 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1348459479640 (MUWebControl Class)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{362211AA-171C-4322-BBA3-79BB48341E38}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8921D7-097E-4018-A2D6-11ED57059154}: DhcpNameServer = 167.206.251.130 167.206.251.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41798FFA-609F-4099-9560-3ABFF8C0536A}: DhcpNameServer = 167.206.251.130 167.206.251.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFB65657-681C-4BCB-B802-F4F94AA35CFC}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0F62722-6134-4271-9451-F8E0C601412C}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/01 02:21:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/08/17 17:58:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    [2014/08/14 00:47:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jane\Recent
    [2014/08/05 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2014/08/05 20:14:16 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2014/08/05 20:14:16 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2014/08/05 20:14:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2014/08/05 20:14:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2014/08/05 20:14:05 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2014/08/05 20:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2014/07/28 00:56:06 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jane\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/28 00:55:01 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/07/28 00:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/07/28 00:54:43 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/07/28 00:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/07/22 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/03/31 11:06:15 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jane\gotomypc_540.exe
    [2010/11/15 01:32:27 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jane\gotomypc_438.exe
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/08/17 17:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    [2014/08/17 17:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/08/17 17:31:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-789336058-1644491937-682003330-1003.job
    [2014/08/17 16:30:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-789336058-1644491937-682003330-1003.job
    [2014/08/17 15:55:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2014/08/17 12:53:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2014/08/17 12:48:14 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2014/08/17 12:48:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/08/17 12:46:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/08/14 00:38:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2014/08/06 23:52:22 | 012,173,312 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Jane's Quicken Data-2014-08-06.QDF-backup
    [2014/08/06 19:48:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/08/05 22:57:55 | 000,016,475 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\trapizoid.JPG
    [2014/08/05 22:30:12 | 000,083,823 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\fence-gate grey.JPG
    [2014/08/05 22:30:04 | 000,083,823 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\cropped fence.JPG
    [2014/08/05 22:25:14 | 000,197,292 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\gate-fence.JPG
    [2014/08/05 20:13:49 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2014/08/05 20:13:46 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2014/08/05 20:13:46 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2014/08/05 20:13:45 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2014/08/05 20:13:45 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2014/08/05 19:21:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/08/04 14:14:05 | 000,128,215 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\plane.jpg
    [2014/08/04 00:10:09 | 000,220,302 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Seattle_Japanese_Garden.jpg
    [2014/07/31 23:31:44 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\pergola.jpg
    [2014/07/31 13:00:59 | 000,002,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Active Trader Pro 10.0.lnk
    [2014/07/29 01:11:49 | 000,146,087 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\awcleaner blocked.JPG
    [2014/07/28 00:56:53 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/07/28 00:56:07 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jane\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/26 23:51:35 | 000,103,409 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\lath.jpg
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/08/06 23:52:21 | 012,173,312 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Jane's Quicken Data-2014-08-06.QDF-backup
    [2014/08/05 22:57:55 | 000,016,475 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\trapizoid.JPG
    [2014/08/05 22:30:04 | 000,083,823 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\cropped fence.JPG
    [2014/08/05 22:25:14 | 000,197,292 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\gate-fence.JPG
    [2014/08/05 22:17:07 | 000,083,823 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\fence-gate grey.JPG
    [2014/08/04 14:14:03 | 000,128,215 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\plane.jpg
    [2014/08/04 00:10:08 | 000,220,302 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Seattle_Japanese_Garden.jpg
    [2014/07/31 23:31:43 | 000,073,784 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\pergola.jpg
    [2014/07/29 01:11:49 | 000,146,087 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\awcleaner blocked.JPG
    [2014/07/26 23:51:34 | 000,103,409 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\lath.jpg
    [2014/05/02 15:31:58 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/03/30 23:38:45 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/03/30 23:38:44 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/03/27 22:05:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jane\.JavaPowUpload.properties
    [2014/03/19 23:12:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2014/03/19 23:03:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2014/03/19 23:03:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2014/03/19 23:03:28 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
    [2014/02/28 17:13:01 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2013/10/14 01:18:29 | 000,322,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/06/19 23:29:01 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2012/12/03 11:35:21 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\burnaware.ini
    [2012/09/17 21:59:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
    [2012/05/22 23:28:15 | 000,933,620 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1644491937-682003330-1003-0.dat
    [2012/05/15 12:17:21 | 001,344,883 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE5-15-2012.zip
    [2012/04/25 01:58:18 | 000,269,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/04/10 17:42:16 | 001,201,946 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE4-10-2012.zip
    [2012/03/02 18:46:21 | 001,261,764 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE3-2-2011.zip
    [2012/02/01 16:37:09 | 000,986,661 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE2-1-2012.zip
    [2011/12/29 23:49:48 | 000,931,504 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE12-29-2011.zip
    [2011/12/15 01:40:33 | 000,001,224 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\UserProducts.xml
    [2011/11/28 21:16:23 | 000,971,216 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE11-28-2011.zip
    [2011/10/25 18:23:01 | 001,058,601 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE10-25-11.zip
    [2011/09/21 00:40:06 | 001,068,935 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE1.zip
    [2011/03/14 14:20:17 | 000,737,690 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE3-14-11.zip
    [2011/02/10 16:26:18 | 000,975,074 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE.zip
    [2011/01/31 20:35:39 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/11/02 01:30:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 10:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >

    OTL Extras logfile created on: 8/17/2014 6:00:29 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jane\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.59% Memory free
    4.84 Gb Paging File | 4.32 Gb Available in Paging File | 89.22% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 164.98 Gb Free Space | 70.86% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
    "C:\Program Files\HP\Digital Imaging\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}\setup\hpznui01.exe:*:Enabled:hpznui01.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
    "C:\Program Files\HP\Digital Imaging\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
    "C:\Documents and Settings\Jane\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Jane\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}" = iTunes
    "{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
    "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series" = Canon MX430 series MP Drivers
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2669DD7D-48E5-458B-A0C5-54A6E5721483}" = EZClaim Advanced
    "{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
    "{29C3F206-A0D8-B7BD-315E-896DE8FDB245}" = CCC Help Spanish
    "{2B91C9B7-D175-B1C4-37E4-CE862F804C19}" = Skins
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3632DABD-0CCA-DF68-7906-1EDC05175320}" = Catalyst Control Center Localization All
    "{38E29473-F56A-88EC-D9F4-4BF7EABAEF4C}" = CCC Help Chinese Standard
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{531029F8-E185-FD5A-E5A9-8D9C3932771E}" = CCC Help Turkish
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5BC66766-D55B-AA7A-9B4E-18F1D6D1FFDD}" = CCC Help French
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{651A119E-78C1-E5CC-89E0-4E734F92D6EA}" = ccc-core-static
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67663D93-4266-4BB6-F325-897068CAB237}" = Catalyst Control Center Graphics Light
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6FA611E5-B622-3BB6-D3BB-D129C1302998}" = ccc-utility
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7409A8F7-A3FC-0126-D19E-FD5742CA079F}" = CCC Help Japanese
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C0F9656-A728-C699-ED63-B791BF1F563A}" = Catalyst Control Center Graphics Full Existing
    "{7F873607-7038-FC0A-408A-C4FA72C04CF8}" = CCC Help Italian
    "{843AC78E-8374-8A83-F5C3-BCBBB1F21088}" = ccc-core-preinstall
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98813202-6C6E-4ABE-A128-6E8FB3368BE0}" = Photobucket Backup
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
    "{AC1BF65D-F1CD-5442-6518-21AEF9A668D6}" = Catalyst Control Center Graphics Full New
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
    "{AD7D26F7-AC24-E707-1452-751B3AD337F0}" = CCC Help English
    "{B025BA0B-64A6-46DE-9D64-32965C83CCA9}" = Citrix Online Launcher
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7139531-D345-E0ED-1BE9-1A9FCFE6C3C2}" = Catalyst Control Center Graphics Previews Common
    "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
    "{B768CB87-0B82-424B-B556-3C4EEA1C380B}" = Fidelity Active Trader Pro®
    "{B84A1D8C-7023-0D5C-7A9A-9292F9435F7A}" = CCC Help Hungarian
    "{B9DB2154-D219-C3C4-4A37-8D5A26C1B55C}" = Catalyst Control Center Core Implementation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0C53777-830D-E3D9-139F-9FCE193F7259}" = CCC Help Chinese Traditional
    "{C47B36EC-0639-4462-A9CE-7809CF2F6100}" = ZoneAlarm Security
    "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF3A3816-7E48-4556-8614-654377EDE1B5}" = BlackBerry App World Browser Plugin
    "{D4FB136D-2802-4578-A023-E7243BD0D7D5}" = ZoneAlarm Firewall
    "{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
    "{DB2B2495-0FE0-0184-519A-95FF7C484C9A}" = CCC Help German
    "{E43FC2B1-67F2-9AEB-0BEA-D0EB902164FF}" = CCC Help Portuguese
    "{E44096DC-9389-47DE-9515-C7CA51EE05D7}" = BlackBerry Desktop Software 7.1
    "{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F2190D89-2A44-11C3-6E29-16A3ACF56663}" = CCC Help Korean
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.1
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Atomic Alarm Clock_is1" = Atomic Alarm Clock 6.12
    "Avast" = avast! Free Antivirus
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Defraggler" = Defraggler
    "GoToAssist" = GoToAssist 8.0.0.514
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Picasa 3" = Picasa 3
    "PROR" = Microsoft Office Professional 2007
    "Revo Uninstaller" = Revo Uninstaller 1.95
    "Secunia PSI" = Secunia PSI (2.0.0.3003)
    "Sony Digital Voice Editor 3" = Sony Digital Voice Editor 3
    "Speccy" = Speccy
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "Tweak UI 2.10" = Tweak UI
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordWeb" = WordWeb
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
    "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-789336058-1644491937-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "GoToMeeting" = GoToMeeting 6.3.0.1415

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/16/2014 7:55:15 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/16/2014 8:00:14 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/16/2014 11:55:16 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/17/2014 12:00:14 AM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/17/2014 12:48:13 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/17/2014 12:48:14 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262159
    Description = The scheduled MATS task encountered a failure when collecting configuration
    data. hr=0xC004F00E .

    Error - 8/17/2014 12:48:19 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/17/2014 12:53:04 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/17/2014 3:55:15 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFD

    Error - 8/17/2014 4:00:14 PM | Computer Name = OFFICE | Source = MatSvc | ID = 262147
    Description = The MATS service encountered a web service failure. hr=0x80072EFE

    [ System Events ]
    Error - 8/3/2014 12:11:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the MBAMService service.

    Error - 8/4/2014 12:20:12 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the MBAMService service.

    Error - 8/5/2014 10:40:38 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the MBAMService service.

    Error - 8/5/2014 8:12:44 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 8/6/2014 11:13:45 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the MBAMService service.

    Error - 8/9/2014 1:50:30 PM | Computer Name = OFFICE | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.2 on
    the Network Card with network address 0023AE9825A7.

    Error - 8/9/2014 1:50:30 PM | Computer Name = OFFICE | Source = NetDDE | ID = 206
    Description = Listen failed: 23: The ncb_lana_num member did not specify a valid
    network number.

    Error - 8/9/2014 1:50:44 PM | Computer Name = OFFICE | Source = NetDDE | ID = 206
    Description = Listen failed: 15:

    Error - 8/12/2014 10:37:30 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Presentation
    Foundation Font Cache 3.0.0.0 service to connect.

    Error - 8/12/2014 10:37:30 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
    Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
    to start due to the following error: %%1053


    < End of report >

    Thanks so much for your help,
    Jane

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello Jane,

    Is the Avast pop up only occurring on 1 particular web site?

    There are a few things in your log that need attention: a leftover toolbar, and we will also clear all temp files, reset hosts, and clear DNS. So let's do that now.

    We need to do a fix to delete some files using OTL

    • Double-click the OTL icon to open the program. On Vista/Win7/Win8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following


      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      O3 - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      
      :Files
      ipconfig /flushdns /c
      ipconfig /release /c
      ipconfig /renew /c 
      
      
      :Commands
      
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    In your next reply post:
    1- The OTL fix log. It should pop up in front of you; if not, it's located here --> C:\_OTL\Moved Files
    2- New OTL log after the quick scan is run.

    Thanks
    Joe

  5. #5
    Member
    Join Date
    Aug 2014
    Posts
    11
    Points
    0

    Not sure what I did wrong but I did run the scan but can't find it. Should I do it again? I did get a message after reboot that it was done but I don't know where it went.

    When I opened Firefox I got the message again. I tried to upload the image but it wouldn't take it.

    Anyway, should I redo the scan? I can't find it.

    Thanks,
    Jane

  6. #6
    Member
    Join Date
    Aug 2014
    Posts
    11
    Points
    0

    Maybe this is it


    OTL logfile created on: 8/17/2014 7:56:57 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jane\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 76.77% Memory free
    4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.03% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 164.98 Gb Free Space | 70.86% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/08/17 17:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    PRC - [2014/08/05 20:13:47 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2014/07/31 12:00:43 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
    PRC - [2014/07/12 21:00:01 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    PRC - [2013/06/08 00:47:10 | 003,600,896 | ---- | M] (Drive Software Company) -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/08/17 16:52:54 | 002,797,568 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14081701\algo.dll
    MOD - [2014/08/16 16:50:01 | 002,797,568 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14081601\algo.dll
    MOD - [2014/07/12 21:00:04 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/07/12 21:00:02 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
    MOD - [2014/02/13 13:06:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 13:06:24 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll
    MOD - [2014/02/13 13:05:16 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/13 02:08:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/13 02:07:56 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
    MOD - [2014/02/13 02:07:24 | 000,047,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\c3df4e8f29a2ddc185a91e1f95f41555\PresentationFontCache.ni.exe
    MOD - [2014/02/13 02:07:19 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
    MOD - [2014/02/13 02:07:04 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
    MOD - [2014/02/13 02:06:56 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/13 02:06:43 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/06/07 03:06:34 | 001,147,392 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\Clock.dll
    MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2014/08/05 20:13:47 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2014/07/22 21:02:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/07/12 21:00:01 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/07/11 00:07:08 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
    SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2010/11/02 01:10:45 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\npf.sys -- (NPF)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2014/07/12 21:00:20 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/07/12 21:00:06 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/07/12 21:00:06 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/07/12 21:00:06 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/07/12 21:00:06 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/07/12 21:00:06 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/07/12 21:00:06 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/07/12 21:00:05 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
    DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/06/19 22:41:38 | 000,527,976 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/01/21 00:43:00 | 000,816,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2009/03/13 14:23:44 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/06/20 12:08:20 | 000,987,904 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 12:07:42 | 000,268,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2007/06/20 12:07:38 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKCU\..\SearchScopes,DefaultScope = {94E02DF4-210D-494C-88CE-9DA638A7658E}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
    IE - HKCU\..\SearchScopes\{94E02DF4-210D-494C-88CE-9DA638A7658E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
    FF - prefs.js..extensions.enabledAddons: %7BB3834E60-12A8-11E0-A289-939FDFD72085%7D:2.0.1
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
    FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.3
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Jane\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/07/22 21:02:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/15 11:20:29 | 000,000,000 | ---D | M]

    [2010/11/01 23:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions
    [2014/07/25 10:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions
    [2013/12/02 13:54:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/12/30 10:39:10 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
    [2014/07/25 10:55:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\foxmarks@kei.com
    [2011/04/06 00:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\nostmp
    [2014/05/27 11:31:15 | 000,133,000 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2012/12/28 11:41:40 | 000,169,939 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\wikilook@testpilot.xpi
    [2013/03/14 13:30:48 | 000,111,028 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
    [2014/07/23 22:34:15 | 000,967,685 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/07/09 11:16:36 | 000,075,008 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
    [2014/07/22 21:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/07/22 21:02:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2014/07/22 21:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/07/22 21:02:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/11/03 22:05:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

    O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [AtomicAlarmClock6] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe (Drive Software Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1288669287289 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1348459479640 (MUWebControl Class)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{362211AA-171C-4322-BBA3-79BB48341E38}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8921D7-097E-4018-A2D6-11ED57059154}: DhcpNameServer = 167.206.251.130 167.206.251.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41798FFA-609F-4099-9560-3ABFF8C0536A}: DhcpNameServer = 167.206.251.130 167.206.251.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFB65657-681C-4BCB-B802-F4F94AA35CFC}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0F62722-6134-4271-9451-F8E0C601412C}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/01 02:21:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    [CREATERESTOREPOINT]
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/08/17 17:58:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    [2014/08/14 00:47:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jane\Recent
    [2014/08/05 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2014/08/05 20:14:16 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2014/08/05 20:14:16 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2014/08/05 20:14:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2014/08/05 20:14:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2014/08/05 20:14:05 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2014/08/05 20:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2014/07/28 00:56:06 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jane\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/28 00:55:01 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/07/28 00:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/07/28 00:54:43 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/07/28 00:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/07/22 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/03/31 11:06:15 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jane\gotomypc_540.exe
    [2010/11/15 01:32:27 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jane\gotomypc_438.exe
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/08/17 19:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/08/17 19:55:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2014/08/17 19:31:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-789336058-1644491937-682003330-1003.job
    [2014/08/17 17:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    [2014/08/17 16:30:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-789336058-1644491937-682003330-1003.job
    [2014/08/17 12:53:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2014/08/17 12:48:14 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2014/08/17 12:48:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/08/17 12:46:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/08/14 00:38:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2014/08/06 23:52:22 | 012,173,312 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Jane's Quicken Data-2014-08-06.QDF-backup
    [2014/08/06 19:48:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/08/05 22:57:55 | 000,016,475 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\trapizoid.JPG
    [2014/08/05 22:30:12 | 000,083,823 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\fence-gate grey.JPG
    [2014/08/05 22:30:04 | 000,083,823 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\cropped fence.JPG
    [2014/08/05 22:25:14 | 000,197,292 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\gate-fence.JPG
    [2014/08/05 20:13:49 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2014/08/05 20:13:46 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2014/08/05 20:13:46 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2014/08/05 20:13:45 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2014/08/05 20:13:45 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2014/08/05 19:21:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/08/04 14:14:05 | 000,128,215 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\plane.jpg
    [2014/08/04 00:10:09 | 000,220,302 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Seattle_Japanese_Garden.jpg
    [2014/07/31 23:31:44 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\pergola.jpg
    [2014/07/31 13:00:59 | 000,002,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Active Trader Pro 10.0.lnk
    [2014/07/29 01:11:49 | 000,146,087 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\awcleaner blocked.JPG
    [2014/07/28 00:56:53 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/07/28 00:56:07 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jane\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/26 23:51:35 | 000,103,409 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\lath.jpg
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/08/06 23:52:21 | 012,173,312 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Jane's Quicken Data-2014-08-06.QDF-backup
    [2014/08/05 22:57:55 | 000,016,475 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\trapizoid.JPG
    [2014/08/05 22:30:04 | 000,083,823 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\cropped fence.JPG
    [2014/08/05 22:25:14 | 000,197,292 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\gate-fence.JPG
    [2014/08/05 22:17:07 | 000,083,823 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\fence-gate grey.JPG
    [2014/08/04 14:14:03 | 000,128,215 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\plane.jpg
    [2014/08/04 00:10:08 | 000,220,302 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Seattle_Japanese_Garden.jpg
    [2014/07/31 23:31:43 | 000,073,784 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\pergola.jpg
    [2014/07/29 01:11:49 | 000,146,087 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\awcleaner blocked.JPG
    [2014/07/26 23:51:34 | 000,103,409 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\lath.jpg
    [2014/05/02 15:31:58 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/03/30 23:38:45 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/03/30 23:38:44 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/03/27 22:05:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jane\.JavaPowUpload.properties
    [2014/03/19 23:12:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2014/03/19 23:03:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2014/03/19 23:03:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2014/03/19 23:03:28 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
    [2014/02/28 17:13:01 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2013/10/14 01:18:29 | 000,322,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/06/19 23:29:01 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2012/12/03 11:35:21 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\burnaware.ini
    [2012/09/17 21:59:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
    [2012/05/22 23:28:15 | 000,933,620 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1644491937-682003330-1003-0.dat
    [2012/05/15 12:17:21 | 001,344,883 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE5-15-2012.zip
    [2012/04/25 01:58:18 | 000,269,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/04/10 17:42:16 | 001,201,946 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE4-10-2012.zip
    [2012/03/02 18:46:21 | 001,261,764 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE3-2-2011.zip
    [2012/02/01 16:37:09 | 000,986,661 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE2-1-2012.zip
    [2011/12/29 23:49:48 | 000,931,504 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE12-29-2011.zip
    [2011/12/15 01:40:33 | 000,001,224 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\UserProducts.xml
    [2011/11/28 21:16:23 | 000,971,216 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE11-28-2011.zip
    [2011/10/25 18:23:01 | 001,058,601 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE10-25-11.zip
    [2011/09/21 00:40:06 | 001,068,935 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE1.zip
    [2011/03/14 14:20:17 | 000,737,690 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE3-14-11.zip
    [2011/02/10 16:26:18 | 000,975,074 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE.zip
    [2011/01/31 20:35:39 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/11/02 01:30:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 10:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    < :COMMANDS >

    < >

    < :OTL >

    < O3 - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. >

    < >

    < :Files >

    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.

    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :

    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : home
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1

    < >

    < >

    < :Commands >

    < >

    < [emptytemp] >

    < [resethosts] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >

  7. #7
    Member
    Join Date
    Aug 2014
    Posts
    11
    Points
    0

    Maybe this is it


    OTL logfile created on: 8/17/2014 7:56:57 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jane\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 76.77% Memory free
    4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.03% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.82 Gb Total Space | 164.98 Gb Free Space | 70.86% Space Free | Partition Type: NTFS

    Computer Name: OFFICE | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/08/17 17:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    PRC - [2014/08/05 20:13:47 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2014/07/31 12:00:43 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
    PRC - [2014/07/12 21:00:01 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    PRC - [2013/06/08 00:47:10 | 003,600,896 | ---- | M] (Drive Software Company) -- C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/08/17 16:52:54 | 002,797,568 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14081701\algo.dll
    MOD - [2014/08/16 16:50:01 | 002,797,568 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14081601\algo.dll
    MOD - [2014/07/12 21:00:04 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/07/12 21:00:02 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
    MOD - [2014/02/13 13:06:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
    MOD - [2014/02/13 13:06:24 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll
    MOD - [2014/02/13 13:05:16 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
    MOD - [2014/02/13 02:08:42 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
    MOD - [2014/02/13 02:07:56 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
    MOD - [2014/02/13 02:07:24 | 000,047,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\c3df4e8f29a2ddc185a91e1f95f41555\PresentationFontCache.ni.exe
    MOD - [2014/02/13 02:07:19 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
    MOD - [2014/02/13 02:07:04 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
    MOD - [2014/02/13 02:06:56 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
    MOD - [2014/02/13 02:06:43 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
    MOD - [2014/02/06 01:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/06 01:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/06/07 03:06:34 | 001,147,392 | ---- | M] () -- C:\Program Files\Atomic Alarm Clock\Clock.dll
    MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2014/08/05 20:13:47 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2014/07/22 21:02:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/07/12 21:00:01 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/07/11 00:07:08 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
    SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2010/11/02 01:10:45 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\npf.sys -- (NPF)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
    DRV - [2014/07/12 21:00:20 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
    DRV - [2014/07/12 21:00:06 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsnx.sys -- (aswSnx)
    DRV - [2014/07/12 21:00:06 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/07/12 21:00:06 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/07/12 21:00:06 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2014/07/12 21:00:06 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/07/12 21:00:06 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2014/07/12 21:00:05 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswrdr.sys -- (aswRdr)
    DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2013/06/19 22:41:38 | 000,527,976 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/01/21 00:43:00 | 000,816,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2009/03/13 14:23:44 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/06/20 12:08:20 | 000,987,904 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 12:07:42 | 000,268,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2007/06/20 12:07:38 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
    IE - HKCU\..\SearchScopes,DefaultScope = {94E02DF4-210D-494C-88CE-9DA638A7658E}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
    IE - HKCU\..\SearchScopes\{94E02DF4-210D-494C-88CE-9DA638A7658E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
    FF - prefs.js..extensions.enabledAddons: %7BB3834E60-12A8-11E0-A289-939FDFD72085%7D:2.0.1
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
    FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.3
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
    FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Jane\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/07/22 21:02:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/15 11:20:29 | 000,000,000 | ---D | M]

    [2010/11/01 23:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions
    [2014/07/25 10:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions
    [2013/12/02 13:54:19 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/12/30 10:39:10 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
    [2014/07/25 10:55:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\foxmarks@kei.com
    [2011/04/06 00:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\nostmp
    [2014/05/27 11:31:15 | 000,133,000 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2012/12/28 11:41:40 | 000,169,939 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\wikilook@testpilot.xpi
    [2013/03/14 13:30:48 | 000,111,028 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
    [2014/07/23 22:34:15 | 000,967,685 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/07/09 11:16:36 | 000,075,008 | ---- | M] () (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\cncifo09.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
    [2014/07/22 21:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/07/22 21:02:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2014/07/22 21:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/07/22 21:02:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/11/03 22:05:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

    O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [AtomicAlarmClock6] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe (Drive Software Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1288669287289 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1348459479640 (MUWebControl Class)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_09)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{362211AA-171C-4322-BBA3-79BB48341E38}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D8921D7-097E-4018-A2D6-11ED57059154}: DhcpNameServer = 167.206.251.130 167.206.251.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41798FFA-609F-4099-9560-3ABFF8C0536A}: DhcpNameServer = 167.206.251.130 167.206.251.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFB65657-681C-4BCB-B802-F4F94AA35CFC}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0F62722-6134-4271-9451-F8E0C601412C}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/01 02:21:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bc846a52-ff40-11e3-a59e-0023ae9825a7}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    [CREATERESTOREPOINT]
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/08/17 17:58:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    [2014/08/14 00:47:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jane\Recent
    [2014/08/05 20:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2014/08/05 20:14:16 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2014/08/05 20:14:16 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2014/08/05 20:14:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2014/08/05 20:14:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2014/08/05 20:14:05 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2014/08/05 20:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
    [2014/07/28 00:56:06 | 017,292,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jane\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/28 00:55:01 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/07/28 00:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/07/28 00:54:43 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/07/28 00:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2014/07/22 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/03/31 11:06:15 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jane\gotomypc_540.exe
    [2010/11/15 01:32:27 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Jane\gotomypc_438.exe
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/08/17 19:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/08/17 19:55:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
    [2014/08/17 19:31:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-789336058-1644491937-682003330-1003.job
    [2014/08/17 17:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jane\Desktop\OTL.exe
    [2014/08/17 16:30:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-789336058-1644491937-682003330-1003.job
    [2014/08/17 12:53:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2014/08/17 12:48:14 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
    [2014/08/17 12:48:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/08/17 12:46:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/08/14 00:38:44 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2014/08/06 23:52:22 | 012,173,312 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Jane's Quicken Data-2014-08-06.QDF-backup
    [2014/08/06 19:48:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
    [2014/08/05 22:57:55 | 000,016,475 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\trapizoid.JPG
    [2014/08/05 22:30:12 | 000,083,823 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\fence-gate grey.JPG
    [2014/08/05 22:30:04 | 000,083,823 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\cropped fence.JPG
    [2014/08/05 22:25:14 | 000,197,292 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\gate-fence.JPG
    [2014/08/05 20:13:49 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2014/08/05 20:13:46 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2014/08/05 20:13:46 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2014/08/05 20:13:45 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2014/08/05 20:13:45 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2014/08/05 19:21:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/08/04 14:14:05 | 000,128,215 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\plane.jpg
    [2014/08/04 00:10:09 | 000,220,302 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Seattle_Japanese_Garden.jpg
    [2014/07/31 23:31:44 | 000,073,784 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\pergola.jpg
    [2014/07/31 13:00:59 | 000,002,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Active Trader Pro 10.0.lnk
    [2014/07/29 01:11:49 | 000,146,087 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\awcleaner blocked.JPG
    [2014/07/28 00:56:53 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/07/28 00:56:07 | 017,292,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jane\Desktop\mbam-setup-2.0.2.1012.exe
    [2014/07/26 23:51:35 | 000,103,409 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\lath.jpg
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/08/06 23:52:21 | 012,173,312 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Jane's Quicken Data-2014-08-06.QDF-backup
    [2014/08/05 22:57:55 | 000,016,475 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\trapizoid.JPG
    [2014/08/05 22:30:04 | 000,083,823 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\cropped fence.JPG
    [2014/08/05 22:25:14 | 000,197,292 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\gate-fence.JPG
    [2014/08/05 22:17:07 | 000,083,823 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\fence-gate grey.JPG
    [2014/08/04 14:14:03 | 000,128,215 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\plane.jpg
    [2014/08/04 00:10:08 | 000,220,302 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Seattle_Japanese_Garden.jpg
    [2014/07/31 23:31:43 | 000,073,784 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\pergola.jpg
    [2014/07/29 01:11:49 | 000,146,087 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\awcleaner blocked.JPG
    [2014/07/26 23:51:34 | 000,103,409 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\lath.jpg
    [2014/05/02 15:31:58 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
    [2014/03/30 23:38:45 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2014/03/30 23:38:44 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2014/03/27 22:05:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jane\.JavaPowUpload.properties
    [2014/03/19 23:12:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
    [2014/03/19 23:03:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
    [2014/03/19 23:03:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
    [2014/03/19 23:03:28 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
    [2014/02/28 17:13:01 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2013/10/14 01:18:29 | 000,322,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/06/19 23:29:01 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
    [2012/12/03 11:35:21 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\burnaware.ini
    [2012/09/17 21:59:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
    [2012/05/22 23:28:15 | 000,933,620 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-789336058-1644491937-682003330-1003-0.dat
    [2012/05/15 12:17:21 | 001,344,883 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE5-15-2012.zip
    [2012/04/25 01:58:18 | 000,269,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/04/10 17:42:16 | 001,201,946 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE4-10-2012.zip
    [2012/03/02 18:46:21 | 001,261,764 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE3-2-2011.zip
    [2012/02/01 16:37:09 | 000,986,661 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE2-1-2012.zip
    [2011/12/29 23:49:48 | 000,931,504 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE12-29-2011.zip
    [2011/12/15 01:40:33 | 000,001,224 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\UserProducts.xml
    [2011/11/28 21:16:23 | 000,971,216 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE11-28-2011.zip
    [2011/10/25 18:23:01 | 001,058,601 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE10-25-11.zip
    [2011/09/21 00:40:06 | 001,068,935 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE1.zip
    [2011/03/14 14:20:17 | 000,737,690 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE3-14-11.zip
    [2011/02/10 16:26:18 | 000,975,074 | ---- | C] () -- C:\Documents and Settings\Jane\Application Data\JANE.zip
    [2011/01/31 20:35:39 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/11/02 01:30:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 10:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    < :COMMANDS >

    < >

    < :OTL >

    < O3 - HKU\S-1-5-21-789336058-1644491937-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. >

    < >

    < :Files >

    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.

    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :

    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : home
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1

    < >

    < >

    < :Commands >

    < >

    < [emptytemp] >

    < [resethosts] >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >

  8. #8
    zep516

    It looks like you may have hit Run Scan instead of Run Fix, so yes, try it again.

  9. #9

    I had to run it twice again. I couldn't find it anywhere so I copied and saved it to my desktop. Hope that doesn't affect anything. I'm going to bed after this one. Also, I get the pop up most often when I open Mozilla FF. Sometimes it will open when I click on my Gmail account. I know it does it at other times, but mostly when I try to open FF.

    Hope this works:

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-789336058-1644491937-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Jane\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Jane\Desktop\cmd.txt deleted successfully.
    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\Jane\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Jane\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : home
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    C:\Documents and Settings\Jane\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Jane\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Felix
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jane
    ->Temp folder emptied: 34351 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 17668970 bytes
    ->Flash cache emptied: 492 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Matt
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: QBDataServiceUser18
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 825 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 105844256 bytes

    Total Files Cleaned = 118.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 08182014_005759

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Jane\Local Settings\Temp\~DF36E4.tmp moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\ZLT0769f.TMP not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Thanks so much, Joe

    Jane

  10. #10
    Member Spyware Fighter zep516's Avatar

    Well done!

    We need to check the Avast version.

    Please click on the orange ball in the notification area down by the clock, then click on About Avast and tell me what version of Avast you have.

    You can do this tomorrow.

    Joe
