Malicious URL Blocked - Need Help

Hi everybody. Newbie here. I encountered a problem with a svchost.exe virus or malware on my work computer last week. My PC got extremely slow and a blue screen appeared twice shutting down my computer. I already had Norton Internet Security running, but apparently that did not catch it. So yesterday, I downloaded various virus scanning and antispyware applications (Paretologic PC Health Advisor, Malwarebytes, Avast, and SuperAntiSpyware) to clean and then protect my PC. Per this board’s recommendations, I have removed NIS and am currently running Avast, MBAM and SAS.

Unfortunately, I keep receiving Avast notices stating that it has blocked two malicious URL’s (ololoshaface.com and c2pokerface.com) from svchost.exe that I am not trying to access. So it seems that I still have some type of problem and my system has crashed numerous times today when I have been attempting to address the problem or simply had multiple windows open. I tried to attach screenshots of the Avast malicious URL notices but for some reason it wouldn’t work. Below are my MBAM, OTL, and aswMBR logs (I apologize if i did this incorrectly, my first time doing this):

MBAM logs (in order):

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Blake :: PC-BLAKE [administrator]

Protection: Disabled

4/22/2012 12:18:27 PM
mbam-log-2012-04-22 (12-18-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241747
Time elapsed: 20 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Blake :: PC-BLAKE [administrator]

Protection: Enabled

4/23/2012 6:45:40 PM
mbam-log-2012-04-23 (18-45-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209628
Time elapsed: 19 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

2012/04/22 13:45:27 -0400 PC-BLAKE Blake MESSAGE Starting protection
2012/04/22 13:45:36 -0400 PC-BLAKE Blake MESSAGE Protection started successfully
2012/04/22 13:45:39 -0400 PC-BLAKE Blake MESSAGE Starting IP protection
2012/04/22 13:45:41 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/22 13:46:09 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:14 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:17 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:23 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:29 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:32 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:35 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:38 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:46:44 -0400 PC-BLAKE Blake IP-BLOCK 204.137.28.195 (Type: outgoing)
2012/04/22 13:47:29 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:32 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:38 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:50 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:53 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:47:59 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.2 (Type: outgoing)
2012/04/22 13:48:25 -0400 PC-BLAKE Blake MESSAGE Executing scheduled update: Daily
2012/04/22 13:48:26 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:29 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:35 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:47 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:48 -0400 PC-BLAKE Blake MESSAGE Database already up-to-date
2012/04/22 13:48:50 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:48:56 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.3 (Type: outgoing)
2012/04/22 13:49:14 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:17 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:23 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:35 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:38 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 13:49:44 -0400 PC-BLAKE Blake IP-BLOCK 206.161.121.4 (Type: outgoing)
2012/04/22 14:27:16 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/22 14:27:29 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/22 14:27:32 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/22 14:29:33 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully

2012/04/23 07:44:39 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 07:44:48 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 07:44:51 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 07:47:21 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 07:48:05 -0400 PC-BLAKE Blake MESSAGE Executing scheduled update: Daily
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE Starting database refresh
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE Scheduled update executed successfully: database updated from version v2012.04.22.02 to version v2012.04.23.03
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE Stopping IP protection
2012/04/23 07:48:25 -0400 PC-BLAKE Blake MESSAGE IP Protection stopped
2012/04/23 07:48:29 -0400 PC-BLAKE Blake MESSAGE Database refreshed successfully
2012/04/23 07:48:32 -0400 PC-BLAKE Blake MESSAGE Starting IP protection
2012/04/23 07:48:34 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 08:26:17 -0400 PC-BLAKE Blake MESSAGE Stopping IP protection
2012/04/23 08:26:17 -0400 PC-BLAKE Blake MESSAGE IP Protection stopped
2012/04/23 08:43:06 -0400 PC-BLAKE Blake DETECTION C:\Documents and Settings\Blake\Local Settings\Temp\0.40677490613151357 Exploit.Drop.9 ALLOW
2012/04/23 11:29:05 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 11:29:18 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 11:29:21 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 11:31:06 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 13:42:56 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 13:43:10 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 13:43:13 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 13:45:57 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 14:24:13 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 14:24:22 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 14:24:25 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 14:25:56 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 15:28:03 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 15:28:14 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 15:28:17 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 15:29:38 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 18:45:15 -0400 PC-BLAKE Blake MESSAGE Starting database refresh
2012/04/23 18:45:15 -0400 PC-BLAKE Blake MESSAGE Stopping IP protection
2012/04/23 18:45:15 -0400 PC-BLAKE Blake MESSAGE IP Protection stopped
2012/04/23 18:45:19 -0400 PC-BLAKE Blake MESSAGE Database refreshed successfully
2012/04/23 18:45:19 -0400 PC-BLAKE Blake MESSAGE Starting IP protection
2012/04/23 18:45:22 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 19:14:28 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 19:14:41 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 19:14:44 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 19:16:36 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 19:24:51 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 19:24:59 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 19:25:02 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 19:27:47 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 19:28:01 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 19:28:04 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 19:29:54 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully
2012/04/23 20:10:50 -0400 PC-BLAKE MESSAGE Starting protection
2012/04/23 20:11:10 -0400 PC-BLAKE MESSAGE Protection started successfully
2012/04/23 20:11:13 -0400 PC-BLAKE MESSAGE Starting IP protection
2012/04/23 20:14:02 -0400 PC-BLAKE Blake MESSAGE IP Protection started successfully

OTL Logs:
OTL logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Blake\Desktop\OTL.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) – C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe – (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] – C:\Program Files\AVAST Software\Avast\afwServ.exe – (avast! Firewall)
SRV - [2012/02/07 10:19:14 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] – C:\Program Files\LogMeIn\x86\ramaint.exe – (LMIMaint)
SRV - [2012/02/07 10:19:04 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] – C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe – (LMIGuardianSvc)
SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] – C:\Program Files\Citrix\GoToMyPC\g2svc.exe – (GoToMyPC)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] – C:\Program Files\LogMeIn\x86\LogMeIn.exe – (LogMeIn)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] – C:\Program Files\SUPERAntiSpyware\SASCore.exe – (!SASCORE)
SRV - [2011/06/09 15:52:26 | 003,732,144 | ---- | M] (CANON INC.) [Auto | Stopped] – C:\Program Files\Canon\DIAS\CnxDIAS.exe – (Canon Driver Information Assist Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – – (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDCOMP)
DRV - File not found [Kernel | System | Stopped] – – (PCIDump)
DRV - File not found [Kernel | System | Stopped] – – (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] – – (i2omgmt)
DRV - File not found [Kernel | System | Stopped] – – (Changer)
DRV - File not found [Kernel | Boot | Stopped] – – (cerc6)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\mbam.sys – (MBAMProtector)
DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswFW.sys – (aswFW)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] – C:\WINDOWS\System32\drivers\aswSnx.sys – (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)
DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] – C:\WINDOWS\System32\drivers\aswNdis2.sys – (aswNdis2)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aswKbd.sys – (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\aswNdis.sys – (aswNdis)
DRV - [2012/02/07 10:19:05 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] – C:\WINDOWS\System32\LMIRfsClientNP.dll – (LMIRfsClientNP)
DRV - [2012/01/17 19:33:07 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\bbcap.sys – (bbcap)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] – C:\WINDOWS\system32\drivers\LMIRfsDriver.sys – (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] – C:\Program Files\LogMeIn\x86\rainfo.sys – (LMIInfo)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] – C:\Program Files\SUPERAntiSpyware\sasdifsv.sys – (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] – C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS – (SASKUTIL)
DRV - [2009/08/04 01:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\k57xp32.sys – (k57w2k) Broadcom NetLink ™
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt)
DRV - [2007/04/23 18:12:28 | 004,402,176 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR - Extension: Google Search = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR - Extension: avast! WebRep = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0
CHR - Extension: Gmail = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM…\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-507921405-1500820517-682003330-1003…\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra ‘Tools’ menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325445254734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325445292687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{60EB3EE5-A4AD-4DC5-B2A5-46AA37DE2F6E}: DhcpNameServer = 192.168.2.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:00:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk )
O35 - HKLM..comfile [open] – “%1” %

O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 19:22:36 | 000,594,944 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:21:07 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/04/23 19:19:40 | 000,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) – C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 14:24:50 | 005,248,608 | ---- | C] (ParetoLogic Inc.) – C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/23 11:33:49 | 000,000,000 | —D | C] – C:\WINDOWS\TEMP
[2012/04/23 11:33:06 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Blake\UserData
[2012/04/23 11:27:33 | 000,000,000 | —D | C] – C:\TEMP
[2012/04/23 11:27:15 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump
[2012/04/23 08:02:30 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Sophos
[2012/04/23 08:00:25 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Start Menu\Programs\Sophos
[2012/04/23 08:00:07 | 000,000,000 | —D | C] – C:\Program Files\Sophos
[2012/04/22 18:05:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\EasySoft_Inc
[2012/04/22 14:42:19 | 000,112,984 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/22 14:42:08 | 000,196,440 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/22 14:42:07 | 000,024,408 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/22 14:41:59 | 000,012,112 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/04/22 14:40:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/04/22 13:32:07 | 000,000,000 | —D | C] – C:\Program Files\Google
[2012/04/22 13:32:07 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\Google
[2012/04/22 13:31:54 | 000,020,696 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/22 13:31:53 | 000,337,880 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/22 13:31:50 | 000,035,672 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/22 13:31:49 | 000,053,848 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/22 13:31:48 | 000,612,184 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/22 13:31:47 | 000,095,704 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/22 13:31:47 | 000,089,048 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/22 13:31:46 | 000,024,920 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/22 13:31:24 | 000,201,352 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\aswBoot.exe
[2012/04/22 13:31:24 | 000,041,184 | ---- | C] (AVAST Software) – C:\WINDOWS\avastSS.scr
[2012/04/22 13:31:13 | 000,000,000 | —D | C] – C:\Program Files\AVAST Software
[2012/04/22 13:31:13 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/22 12:44:18 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:56 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/22 12:43:52 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:52 | 000,000,000 | —D | C] – C:\Program Files\SUPERAntiSpyware
[2012/04/22 12:17:05 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\Malwarebytes
[2012/04/22 12:16:51 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012/04/22 12:16:51 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/22 12:16:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/22 12:16:50 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware
[2012/04/22 12:14:38 | 000,000,000 | -HSD | C] – C:\WINDOWS\CSC
[2012/04/22 11:46:25 | 000,000,000 | —D | C] – C:\WINDOWS\Downloaded Program Files
[2012/04/22 11:43:34 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Blake\Cookies
[2012/04/22 11:40:06 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\My Documents\downloads
[2012/04/22 11:31:06 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/04/22 11:18:57 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/04/22 11:18:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/04/22 11:18:43 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Start Menu\Programs\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | —D | C] – C:\Program Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | —D | C] – C:\Program Files\Common Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/19 11:00:43 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/19 11:00:11 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/04 12:58:59 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/04 12:58:21 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DESIGNER
[2012/04/04 12:58:14 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Microsoft
[2012/04/04 12:58:13 | 000,000,000 | —D | C] – C:\Program Files\Microsoft.NET
[2012/04/04 12:55:06 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Analysis Services
[2012/04/04 12:54:51 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\Microsoft Help
[2012/04/04 12:54:47 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Microsoft Help
[3 C:\WINDOWS*.tmp files → C:\WINDOWS*.tmp → ]
[1 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2012/04/23 19:40:56 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2012/04/23 19:40:38 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2012/04/23 19:37:02 | 000,220,226 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 19:26:42 | 000,000,031 | ---- | M] () – C:\WINDOWS\System32\bbcap.err
[2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:20:43 | 000,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) – C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () – C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/23 14:30:31 | 000,920,096 | ---- | M] () – C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 15:22:03 | 000,002,291 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\CIS 2.2.lnk
[2012/04/22 14:42:07 | 000,002,625 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT
[2012/04/22 14:40:31 | 000,001,689 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | M] () – C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 11:38:22 | 000,000,045 | ---- | M] () – C:\0.bak
[2012/04/22 11:18:43 | 000,000,838 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () – C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () – C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () – C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/22 11:18:11 | 005,248,608 | ---- | M] (ParetoLogic Inc.) – C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/20 17:16:02 | 000,000,284 | ---- | M] () – C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 06:56:34 | 000,001,116 | ---- | M] () – C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/12 08:22:02 | 000,000,790 | ---- | M] () – C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 19:06:12 | 000,501,638 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2012/04/11 19:06:12 | 000,089,146 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2012/04/11 19:03:45 | 000,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 13:10:01 | 000,241,536 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/01 18:00:50 | 000,001,824 | ---- | M] () – C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/01 18:00:50 | 000,001,758 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2012/03/30 11:12:33 | 000,000,773 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\PCLaw®.lnk
[3 C:\WINDOWS*.tmp files → C:\WINDOWS*.tmp → ]
[1 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files Created - No Company Name ==========

[2012/04/23 19:37:02 | 000,220,226 | ---- | C] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | C] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 15:28:15 | 000,920,096 | ---- | C] () – C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 14:40:31 | 000,001,689 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | C] () – C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 12:05:01 | 000,049,152 | R— | C] () – C:\WINDOWS\System32\ChCfg.exe
[2012/04/22 11:38:21 | 000,000,045 | ---- | C] () – C:\0.bak
[2012/04/22 11:19:17 | 000,000,444 | ---- | C] () – C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,838 | ---- | C] () – C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:41 | 000,000,418 | ---- | C] () – C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:40 | 000,000,376 | ---- | C] () – C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:38 | 000,000,358 | ---- | C] () – C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/20 19:00:14 | 001,089,032 | ---- | C] () – C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/20 06:56:34 | 000,001,116 | ---- | C] () – C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/04 13:12:53 | 000,000,790 | ---- | C] () – C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/15 09:04:30 | 000,003,072 | ---- | C] () – C:\WINDOWS\System32\iacenc.dll
[2012/01/16 19:44:17 | 000,035,080 | -H-- | C] () – C:\WINDOWS\System32\mlfcache.dat
[2012/01/02 12:50:56 | 000,000,256 | ---- | C] () – C:\WINDOWS\System32\pool.bin
[2012/01/01 16:58:52 | 000,430,080 | ---- | C] () – C:\WINDOWS\System32\ZSHP1018.EXE
[2012/01/01 16:02:10 | 000,982,196 | ---- | C] () – C:\WINDOWS\System32\igkrng500.bin
[2012/01/01 16:02:10 | 000,417,344 | ---- | C] () – C:\WINDOWS\System32\igcompkrng500.bin
[2012/01/01 15:18:48 | 000,000,376 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2012/01/01 15:08:16 | 000,000,008 | ---- | C] () – C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2012/01/01 15:02:26 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat
[2012/01/01 14:58:28 | 000,021,640 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat
[2012/01/01 09:53:08 | 000,004,161 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2012/01/01 09:52:07 | 000,241,536 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/22 13:31:13 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/17 19:34:23 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Blueberry
[2012/01/01 17:08:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Canon
[2012/01/01 16:44:13 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2012/01/06 16:25:34 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\EasySoft
[2012/04/23 07:44:16 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/17 19:33:01 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\LogSys
[2012/04/22 11:18:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/23 08:02:30 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Sophos
[2012/01/16 18:43:46 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/02 23:03:52 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Amicus
[2012/01/17 19:34:16 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Blueberry
[2012/04/22 11:18:57 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/01/02 23:02:59 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Gavel & Gown Software Inc
[2012/01/17 19:33:15 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\LogSys
[2012/04/22 11:18:55 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/01/16 12:03:48 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Research In Motion
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () – C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () – C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () – C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () – C:\WINDOWS\Tasks\PC Health Advisor.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () – C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () – C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\explorer.exe
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 – C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 – C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U*.* /s >

< %USERPROFILE%..|smtmp;true;true;true /FP >

< >

< End of report >

OTL Logs:
OTL logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Blake\Desktop\OTL.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) – C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe – (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Stopped] – C:\Program Files\AVAST Software\Avast\afwServ.exe – (avast! Firewall)
SRV - [2012/02/07 10:19:14 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] – C:\Program Files\LogMeIn\x86\ramaint.exe – (LMIMaint)
SRV - [2012/02/07 10:19:04 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] – C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe – (LMIGuardianSvc)
SRV - [2011/11/13 08:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] – C:\Program Files\Citrix\GoToMyPC\g2svc.exe – (GoToMyPC)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] – C:\Program Files\LogMeIn\x86\LogMeIn.exe – (LogMeIn)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] – C:\Program Files\SUPERAntiSpyware\SASCore.exe – (!SASCORE)
SRV - [2011/06/09 15:52:26 | 003,732,144 | ---- | M] (CANON INC.) [Auto | Stopped] – C:\Program Files\Canon\DIAS\CnxDIAS.exe – (Canon Driver Information Assist Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – – (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] – – (PDCOMP)
DRV - File not found [Kernel | System | Stopped] – – (PCIDump)
DRV - File not found [Kernel | System | Stopped] – – (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] – – (i2omgmt)
DRV - File not found [Kernel | System | Stopped] – – (Changer)
DRV - File not found [Kernel | Boot | Stopped] – – (cerc6)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\mbam.sys – (MBAMProtector)
DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswFW.sys – (aswFW)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] – C:\WINDOWS\System32\drivers\aswSnx.sys – (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)
DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] – C:\WINDOWS\System32\drivers\aswNdis2.sys – (aswNdis2)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aswKbd.sys – (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)
DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\aswNdis.sys – (aswNdis)
DRV - [2012/02/07 10:19:05 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] – C:\WINDOWS\System32\LMIRfsClientNP.dll – (LMIRfsClientNP)
DRV - [2012/01/17 19:33:07 | 000,004,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\bbcap.sys – (bbcap)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] – C:\WINDOWS\system32\drivers\LMIRfsDriver.sys – (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] – C:\Program Files\LogMeIn\x86\rainfo.sys – (LMIInfo)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] – C:\Program Files\SUPERAntiSpyware\sasdifsv.sys – (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] – C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS – (SASKUTIL)
DRV - [2009/08/04 01:18:54 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\k57xp32.sys – (k57w2k) Broadcom NetLink ™
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt)
DRV - [2007/04/23 18:12:28 | 004,402,176 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-1500820517-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR - Extension: Google Search = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR - Extension: avast! WebRep = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0
CHR - Extension: Gmail = C:\Documents and Settings\Blake\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-507921405-1500820517-682003330-1003..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM…\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-507921405-1500820517-682003330-1003…\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra ‘Tools’ menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PCLaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1325445254734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1325445292687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{60EB3EE5-A4AD-4DC5-B2A5-46AA37DE2F6E}: DhcpNameServer = 192.168.2.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToMyPC: DllName - (C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll) - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:00:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk )
O35 - HKLM..comfile [open] – “%1” %

O35 - HKLM..exefile [open] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 19:22:36 | 000,594,944 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:21:07 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/04/23 19:19:40 | 000,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) – C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 14:24:50 | 005,248,608 | ---- | C] (ParetoLogic Inc.) – C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/23 11:33:49 | 000,000,000 | —D | C] – C:\WINDOWS\TEMP
[2012/04/23 11:33:06 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Blake\UserData
[2012/04/23 11:27:33 | 000,000,000 | —D | C] – C:\TEMP
[2012/04/23 11:27:15 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump
[2012/04/23 08:02:30 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Sophos
[2012/04/23 08:00:25 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Start Menu\Programs\Sophos
[2012/04/23 08:00:07 | 000,000,000 | —D | C] – C:\Program Files\Sophos
[2012/04/22 18:05:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\EasySoft_Inc
[2012/04/22 14:42:19 | 000,112,984 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswFW.sys
[2012/04/22 14:42:08 | 000,196,440 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/04/22 14:42:07 | 000,024,408 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/22 14:41:59 | 000,012,112 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/04/22 14:40:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/04/22 13:32:07 | 000,000,000 | —D | C] – C:\Program Files\Google
[2012/04/22 13:32:07 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\Google
[2012/04/22 13:31:54 | 000,020,696 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/22 13:31:53 | 000,337,880 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/22 13:31:50 | 000,035,672 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/22 13:31:49 | 000,053,848 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/22 13:31:48 | 000,612,184 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/22 13:31:47 | 000,095,704 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/22 13:31:47 | 000,089,048 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/22 13:31:46 | 000,024,920 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/22 13:31:24 | 000,201,352 | ---- | C] (AVAST Software) – C:\WINDOWS\System32\aswBoot.exe
[2012/04/22 13:31:24 | 000,041,184 | ---- | C] (AVAST Software) – C:\WINDOWS\avastSS.scr
[2012/04/22 13:31:13 | 000,000,000 | —D | C] – C:\Program Files\AVAST Software
[2012/04/22 13:31:13 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/22 12:44:18 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:56 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/22 12:43:52 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/22 12:43:52 | 000,000,000 | —D | C] – C:\Program Files\SUPERAntiSpyware
[2012/04/22 12:17:05 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\Malwarebytes
[2012/04/22 12:16:51 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012/04/22 12:16:51 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/22 12:16:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/22 12:16:50 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware
[2012/04/22 12:14:38 | 000,000,000 | -HSD | C] – C:\WINDOWS\CSC
[2012/04/22 11:46:25 | 000,000,000 | —D | C] – C:\WINDOWS\Downloaded Program Files
[2012/04/22 11:43:34 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Blake\Cookies
[2012/04/22 11:40:06 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\My Documents\downloads
[2012/04/22 11:31:06 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\LogMeIn Rescue Applet
[2012/04/22 11:18:57 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/04/22 11:18:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/04/22 11:18:43 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Start Menu\Programs\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | —D | C] – C:\Program Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | —D | C] – C:\Program Files\Common Files\ParetoLogic
[2012/04/22 11:18:35 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/19 11:00:43 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/19 11:00:11 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/04 12:58:59 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/04 12:58:21 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DESIGNER
[2012/04/04 12:58:14 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Microsoft
[2012/04/04 12:58:13 | 000,000,000 | —D | C] – C:\Program Files\Microsoft.NET
[2012/04/04 12:55:06 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Analysis Services
[2012/04/04 12:54:51 | 000,000,000 | —D | C] – C:\Documents and Settings\Blake\Local Settings\Application Data\Microsoft Help
[2012/04/04 12:54:47 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Microsoft Help
[3 C:\WINDOWS*.tmp files → C:\WINDOWS*.tmp → ]
[1 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files - Modified Within 30 Days ==========
[2012/04/23 19:40:56 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2012/04/23 19:40:38 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2012/04/23 19:37:02 | 000,220,226 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 19:26:42 | 000,000,031 | ---- | M] () – C:\WINDOWS\System32\bbcap.err
[2012/04/23 19:23:03 | 000,594,944 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Blake\Desktop\OTL.exe
[2012/04/23 19:20:43 | 000,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) – C:\Documents and Settings\Blake\Desktop\R92578.EXE
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () – C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/23 14:30:31 | 000,920,096 | ---- | M] () – C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 15:22:03 | 000,002,291 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\CIS 2.2.lnk
[2012/04/22 14:42:07 | 000,002,625 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT
[2012/04/22 14:40:31 | 000,001,689 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | M] () – C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 11:38:22 | 000,000,045 | ---- | M] () – C:\0.bak
[2012/04/22 11:18:43 | 000,000,838 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () – C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () – C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () – C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/22 11:18:11 | 005,248,608 | ---- | M] (ParetoLogic Inc.) – C:\Documents and Settings\Blake\My Documents\ParetoLogic PC Health Advisor.exe
[2012/04/20 17:16:02 | 000,000,284 | ---- | M] () – C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 06:56:34 | 000,001,116 | ---- | M] () – C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/12 08:22:02 | 000,000,790 | ---- | M] () – C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 19:06:12 | 000,501,638 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2012/04/11 19:06:12 | 000,089,146 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2012/04/11 19:03:45 | 000,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 13:10:01 | 000,241,536 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/01 18:00:50 | 000,001,824 | ---- | M] () – C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/01 18:00:50 | 000,001,758 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2012/03/30 11:12:33 | 000,000,773 | ---- | M] () – C:\Documents and Settings\Blake\Desktop\PCLaw®.lnk
[3 C:\WINDOWS*.tmp files → C:\WINDOWS*.tmp → ]
[1 C:\WINDOWS\System32*.tmp files → C:\WINDOWS\System32*.tmp → ]

========== Files Created - No Company Name ==========

[2012/04/23 19:37:02 | 000,220,226 | ---- | C] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - c2pokerface.com
[2012/04/23 19:35:15 | 000,135,521 | ---- | C] () – C:\Documents and Settings\Blake\Desktop\Malicious URL Blocked Screenshot - Ololoshaface.com
[2012/04/23 15:28:15 | 000,920,096 | ---- | C] () – C:\Documents and Settings\Blake\My Documents\Norton_Removal_Tool.exe
[2012/04/22 14:40:31 | 000,001,689 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job
[2012/04/22 12:44:20 | 000,000,510 | ---- | C] () – C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 12:43:56 | 000,001,678 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2012/04/22 12:36:23 | 000,000,664 | ---- | C] () – C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:16:52 | 000,000,784 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 12:05:01 | 000,049,152 | R— | C] () – C:\WINDOWS\System32\ChCfg.exe
[2012/04/22 11:38:21 | 000,000,045 | ---- | C] () – C:\0.bak
[2012/04/22 11:19:17 | 000,000,444 | ---- | C] () – C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,838 | ---- | C] () – C:\Documents and Settings\Blake\Desktop\ParetoLogic PC Health Advisor.lnk
[2012/04/22 11:18:41 | 000,000,418 | ---- | C] () – C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:40 | 000,000,376 | ---- | C] () – C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:38 | 000,000,358 | ---- | C] () – C:\WINDOWS\tasks\PC Health Advisor.job
[2012/04/20 19:00:14 | 001,089,032 | ---- | C] () – C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/20 06:56:34 | 000,001,116 | ---- | C] () – C:\WINDOWS\System32\C__Documents and Settings_NetworkService_Local Settings_Temporary Internet Files_Content.IE5_YTO161MN_CASSVQM3.HTM
[2012/04/04 13:12:53 | 000,000,790 | ---- | C] () – C:\Documents and Settings\Blake\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/15 09:04:30 | 000,003,072 | ---- | C] () – C:\WINDOWS\System32\iacenc.dll
[2012/01/16 19:44:17 | 000,035,080 | -H-- | C] () – C:\WINDOWS\System32\mlfcache.dat
[2012/01/02 12:50:56 | 000,000,256 | ---- | C] () – C:\WINDOWS\System32\pool.bin
[2012/01/01 16:58:52 | 000,430,080 | ---- | C] () – C:\WINDOWS\System32\ZSHP1018.EXE
[2012/01/01 16:02:10 | 000,982,196 | ---- | C] () – C:\WINDOWS\System32\igkrng500.bin
[2012/01/01 16:02:10 | 000,417,344 | ---- | C] () – C:\WINDOWS\System32\igcompkrng500.bin
[2012/01/01 15:18:48 | 000,000,376 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2012/01/01 15:08:16 | 000,000,008 | ---- | C] () – C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2012/01/01 15:02:26 | 000,002,048 | --S- | C] () – C:\WINDOWS\bootstat.dat
[2012/01/01 14:58:28 | 000,021,640 | ---- | C] () – C:\WINDOWS\System32\emptyregdb.dat
[2012/01/01 09:53:08 | 000,004,161 | ---- | C] () – C:\WINDOWS\ODBCINST.INI
[2012/01/01 09:52:07 | 000,241,536 | ---- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/22 13:31:13 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/17 19:34:23 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Blueberry
[2012/01/01 17:08:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Canon
[2012/01/01 16:44:13 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2012/01/06 16:25:34 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\EasySoft
[2012/04/23 07:44:16 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/01/17 19:33:01 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\LogSys
[2012/04/22 11:18:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/23 08:02:30 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Sophos
[2012/01/16 18:43:46 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/02 23:03:52 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Amicus
[2012/01/17 19:34:16 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Blueberry
[2012/04/22 11:18:57 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\DriverCure
[2012/01/02 23:02:59 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Gavel & Gown Software Inc
[2012/01/17 19:33:15 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\LogSys
[2012/04/22 11:18:55 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\ParetoLogic
[2012/01/16 12:03:48 | 000,000,000 | —D | M] – C:\Documents and Settings\Blake\Application Data\Research In Motion
[2012/04/23 18:00:00 | 000,000,444 | ---- | M] () – C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2012/04/22 11:18:42 | 000,000,418 | ---- | M] () – C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2012/04/22 11:18:41 | 000,000,376 | ---- | M] () – C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2012/04/22 11:18:40 | 000,000,358 | ---- | M] () – C:\WINDOWS\Tasks\PC Health Advisor.job
[2012/04/22 13:37:44 | 000,000,510 | ---- | M] () – C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b03b0939-7f9d-4339-a6da-85f1379178b4.job
[2012/04/22 13:37:45 | 000,000,510 | ---- | M] () – C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dca25f34-0594-4a04-98f4-4bdbf39a5d71.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\explorer.exe
[2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 – C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 – C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 – C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D – C:\Program Files\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 03:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U*.* /s >

< %USERPROFILE%..|smtmp;true;true;true /FP >

< >

< End of report >

OTL Extra Log:
OTL Extras logfile created on: 4/23/2012 7:46:05 PM - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\Blake\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.79% Memory free
4.81 Gb Paging File | 4.11 Gb Available in Paging File | 85.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 278.31 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Drive J: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive N: | 1392.71 Gb Total Space | 1172.89 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: PC-BLAKE | User Name: Blake | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes<extension>]
.cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.html [@ = ChromeHTML] – Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-507921405-1500820517-682003330-1003\SOFTWARE\Classes<extension>]
.html [@ = htmlfile] – Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes<key>\shell[command]\command]
batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open] – “%1” %*
htmlfile [edit] – “C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe” %1 (Microsoft Corporation)
htmlfile [print] – “C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe” /p %1 (Microsoft Corporation)
http [open] – Reg Error: Key error.
https [open] – Reg Error: Key error.
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --playlist-enqueue “%1” ()
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] – “C:\Program Files\VideoLAN\VLC\vlc.exe” --started-from-file --no-playlist-enqueue “%1” ()
Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Amicus\Amicus Attorney Premium Workstation\AmicusAttorney.XWin.exe” = C:\Amicus\Amicus Attorney Premium Workstation\AmicusAttorney.XWin.exe::Enabled:C:\Amicus\Amicus Attorney Premium Workstation\AmicusAttorney.Xwin.exe – (Gavel & Gown Software Inc.)
“C:\Program Files\Canon\DIAS\CnxDIAS.exe” = C:\Program Files\Canon\DIAS\CnxDIAS.exe:
:Enabled:Canon Driver Information Assist Service – (CANON INC.)
“C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE” = C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE::Enabled:Microsoft Office Word
“C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe” = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:
:Enabled:WebKit – (Apple Inc.)
“C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE” = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE::Enabled:Microsoft OneNote – (Microsoft Corporation)
“C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE” = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:
:Enabled:Microsoft Office Outlook – (Microsoft Corporation)
“C:\Documents and Settings\Blake\Local Settings\Temp\7zS3.tmp\SymNRT.exe” = C:\Documents and Settings\Blake\Local Settings\Temp\7zS3.tmp\SymNRT.exe::Enabled:Norton Removal Tool
“C:\Documents and Settings\Blake\Local Settings\Temp\7zS5.tmp\SymNRT.exe” = C:\Documents and Settings\Blake\Local Settings\Temp\7zS5.tmp\SymNRT.exe:
:Enabled:Norton Removal Tool
“C:\Documents and Settings\Blake\Local Settings\Temp\7zS6.tmp\SymNRT.exe” = C:\Documents and Settings\Blake\Local Settings\Temp\7zS6.tmp\SymNRT.exe::Enabled:Norton Removal Tool
“C:\Documents and Settings\Blake\Local Settings\Temp\7zS8.tmp\SymNRT.exe” = C:\Documents and Settings\Blake\Local Settings\Temp\7zS8.tmp\SymNRT.exe:
:Enabled:Norton Removal Tool
“C:\Program Files\Microsoft Office\Office14\WINWORD.EXE” = C:\Program Files\Microsoft Office\Office14\WINWORD.EXE:*:Enabled:Microsoft Word – (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{26A24AE4-039D-4CA4-87B4-2F83216030FF}” = Java™ 6 Update 30
“{343666E2-A059-48AC-AD67-230BF74E2DB2}” = Apple Application Support
“{347C3C03-E2E5-41B1-8DD7-E65993348B5E}” = Amicus Attorney Premium Workstation 2011
“{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}” = ParetoLogic PC Health Advisor
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{4D336556-69A2-4566-8EBD-0464C253C2E4}” = CIS 2.2
“{4D612FB2-1AE7-4E46-9377-35BB2F06A787}” = Roxio Media Manager
“{58F4D4FD-1814-4068-B316-C28FC776C6DD}” = GoToMyPC
“{5905F42D-3F5F-4916-ADA6-94A3646AEE76}” = Dell Driver Reset Tool
“{5E1DB401-0120-4870-8048-423AF9F6297B}” = SupportCalc PA
“{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}” = BlackBerry® Media Sync
“{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update
“{79155F2B-9895-49D7-8612-D92580E0DE5B}” = Bonjour
“{7BE15435-2D3E-4B58-867F-9C75BED0208C}” = QuickTime
“{8153ED9A-C94A-426E-9880-5E6775C08B62}” = Apple Mobile Device Support
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{90120000-0020-0409-0000-0000000FF1CE}” = Compatibility Pack for the 2007 Office system
“{90140000-0010-0409-0000-0000000FF1CE}” = Microsoft Software Update for Web Folders (English) 14
“{90140000-0015-0409-0000-0000000FF1CE}” = Microsoft Office Access MUI (English) 2010
“{90140000-0015-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0016-0409-0000-0000000FF1CE}” = Microsoft Office Excel MUI (English) 2010
“{90140000-0016-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0018-0409-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (English) 2010
“{90140000-0018-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0019-0409-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (English) 2010
“{90140000-0019-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001A-0409-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (English) 2010
“{90140000-001A-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001B-0409-0000-0000000FF1CE}” = Microsoft Office Word MUI (English) 2010
“{90140000-001B-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2010
“{90140000-001F-0409-0000-0000000FF1CE}Office14.SingleImage{99ACCA38-6DD3-48A8-96AE-A283C9759279}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001F-040C-0000-0000000FF1CE}” = Microsoft Office Proof (French) 2010
“{90140000-001F-040C-0000-0000000FF1CE}Office14.SingleImage{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-001F-0C0A-0000-0000000FF1CE}” = Microsoft Office Proof (Spanish) 2010
“{90140000-001F-0C0A-0000-0000000FF1CE}Office14.SingleImage{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-002C-0409-0000-0000000FF1CE}” = Microsoft Office Proofing (English) 2010
“{90140000-002C-0409-0000-0000000FF1CE}Office14.SingleImage{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-003D-0000-0000-0000000FF1CE}” = Microsoft Office Single Image 2010
“{90140000-003D-0000-0000-0000000FF1CE}Office14.SingleImage{047B0968-E622-4FAA-9B4B-121FA109EDDE}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-006E-0409-0000-0000000FF1CE}” = Microsoft Office Shared MUI (English) 2010
“{90140000-006E-0409-0000-0000000FF1CE}Office14.SingleImage{4560037C-E356-444A-A015-D21F487D809E}” = Microsoft Office 2010 Service Pack 1 (SP1)

“{90140000-00A1-0409-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (English) 2010
“{90140000-00A1-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0115-0409-0000-0000000FF1CE}” = Microsoft Office Shared Setup Metadata MUI (English) 2010
“{90140000-0115-0409-0000-0000000FF1CE}Office14.SingleImage{4560037C-E356-444A-A015-D21F487D809E}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-0117-0409-0000-0000000FF1CE}” = Microsoft Office Access Setup Metadata MUI (English) 2010
“{90140000-0117-0409-0000-0000000FF1CE}Office14.SingleImage{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1)
“{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In
“{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting
“{976475B8-63E9-4559-BE2C-D26086BE4C40}” = LogMeIn
“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2
“{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}” = Broadcom Gigabit NetLink Controller
“{A47D08BF-E95A-47FB-A42F-8FCB0351339C}” = Amicus Attorney Premium Tasks Toolbar
“{AC76BA86-1033-0000-BA7E-000000000001}” = Adobe Acrobat 6.0 Standard
“{AC76BA86-7AD7-1033-7B44-AA1000000001}” = Adobe Reader X (10.1.3)
“{AEB9948B-4FF2-47C9-990E-47014492A0FE}” = MSXML 6.0 Parser
“{B829E117-D072-41EA-9606-9826A38D34C1}” = Sophos Virus Removal Tool
“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2
“{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}” = SUPERAntiSpyware
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{D661A28E-3922-4484-84EA-5A3C924369E6}” = Amicus Merge Toolbar
“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
“{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}” = iTunes
“{F8C04C5B-8876-424D-B428-23626373D2A0}” = BlackBerry Desktop Software 5.0
“{FE23D063-934D-4829-A0D8-00634CE79B4A}” = Adobe AIR
“Adobe AIR” = Adobe AIR
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“avast” = avast! Internet Security
“BB FlashBack Pro 3” = BB FlashBack Pro 3
“BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}” = BlackBerry Desktop Software 5.0
“Express ClickYes” = Express ClickYes 1.2
“HDMI” = Intel(R) Graphics Media Accelerator Driver
“ie8” = Windows Internet Explorer 8
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.61.0.1400
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“Office14.SingleImage” = Microsoft Office Home and Business 2010
“PCLaw” = LexisNexis PCLaw
“VLC media player” = VLC media player 1.1.11
“Windows Media Format Runtime” = Windows Media Format Runtime

========== Last 10 Event Log Errors ==========

[ Amicus Attorney Events ]
Error - 4/20/2012 11:14:58 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:14:58 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: XWin: Amicus
Attorney has lost its connection with the server and needs to shut down. Please
check your network connections and server status before restarting. HelpLink:

Error - 4/20/2012 11:16:22 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:16:22 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.Net.Sockets.SocketException Message: A connection attempt failed because
the connected party did not properly respond after a period of time, or established
connection failed because connected host has failed to respond 192.168.2.25:49259
HelpLink:
StackTrace Information ********************************************* at AmicusAttorney.XOL.Client.AmicusCustomProxy.Invoke(IMessage
msg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at AmicusAttorney.XOL.Shared.ManagerInterfaces.IManagerBase.GetListRemote(Byte
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.ManagerBaseProxy.GetList(SearchFilterBase
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.CommunicationManagerProxy.GetList(CommunicationSearchFilter
filter, Boolean includeUnsavedEmails) at AmicusAttorney.Providers.DataProvider.DataSourceCacheProvider.GetData(GetDataInfo
info, SearchFilterBase& searchFilterBase) at AmicusAttorney.Providers.DataProvider.CommProvider.GetList(ISysEventInfo
sysEventInfo, Object _list)

Error - 4/20/2012 11:16:22 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:16:22 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: XWin: Amicus
Attorney has lost its connection with the server and needs to shut down. Please
check your network connections and server status before restarting. HelpLink:

Error - 4/20/2012 11:17:04 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:17:04 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.Net.Sockets.SocketException Message: A connection attempt failed because
the connected party did not properly respond after a period of time, or established
connection failed because connected host has failed to respond 192.168.2.25:49259
HelpLink:
StackTrace Information ********************************************* at AmicusAttorney.XOL.Client.AmicusCustomProxy.Invoke(IMessage
msg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at AmicusAttorney.XOL.Shared.ManagerInterfaces.IManagerBase.GetListRemote(Byte
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.ManagerBaseProxy.GetList(SearchFilterBase
baseFilter) at AmicusAttorney.XOL.Shared.ClientMgrProxies.CommunicationManagerProxy.GetList(CommunicationSearchFilter
filter, Boolean includeUnsavedEmails) at AmicusAttorney.Providers.DataProvider.DataSourceCacheProvider.GetData(GetDataInfo
info, SearchFilterBase& searchFilterBase) at AmicusAttorney.Providers.DataProvider.CommProvider.GetList(ISysEventInfo
sysEventInfo, Object _list)

Error - 4/20/2012 11:17:04 AM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 11:17:04 AM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: XWin: Amicus
Attorney has lost its connection with the server and needs to shut down. Please
check your network connections and server status before restarting. HelpLink:

Error - 4/20/2012 1:22:01 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 1:22:01 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
Microsoft.ApplicationBlocks.ExceptionManagement.AmicusError Message: InvalidSession.
System will now shut down. HelpLink:

Error - 4/20/2012 3:28:31 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/20/2012 3:28:31 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************

at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object _list)

Error - 4/22/2012 6:21:34 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/22/2012 6:21:34 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************

at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object _list)

Error - 4/23/2012 3:01:44 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/23/2012 3:01:44 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************

at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object _list)

Error - 4/23/2012 6:17:00 PM | Computer Name = PC-BLAKE | Source = Amicus Attorney | ID = 0
Description = AmicusError: ********************************************* Context:
MachineName:
PC-BLAKE TimeStamp: 4/23/2012 6:17:00 PM AppDomainName: AmicusAttorney.Xwin.exe 1)
Exception Information ********************************************* Exception Type:
System.NullReferenceException Message: Object reference not set to an instance of
an object. HelpLink: StackTrace Information *********************************************

at AmicusAttorney.Providers.DataProvider.TimeProvider.SetUpFilter(TimeListContext
listContext) at AmicusAttorney.Providers.DataProvider.TimeProvider.GetList(ISysEventInfo
sysEventInfo, Object _list)

[ Application Events ]
Error - 4/19/2012 2:54:21 PM | Computer Name = PC-BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application AmicusAttorney.Xwin.exe, version 11.5.0.4, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2012 2:54:23 PM | Computer Name = PC-BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application AmicusAttorney.Xwin.exe, version 11.5.0.4, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2012 1:50:49 PM | Computer Name = PC-BLAKE | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 18.0.1025.162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/23/2012 1:51:06 PM | Computer Name = PC-BLAKE | Source = MsiInstaller | ID = 11704
Description = Product: Google Update Helper – Error 1704. An installation for Roxio
Media Manager is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 4/23/2012 3:32:16 PM | Computer Name = PC-BLAKE | Source = MsiInstaller | ID = 11706
Description = Product: Amicus Attorney Premium Workstation 2011 – Error 1706.No
valid source could be found for product Amicus Attorney Premium Workstation 2011.
The Windows Installer cannot continue.

Error - 4/23/2012 3:35:51 PM | Computer Name = PC-BLAKE | Source = MsiInstaller | ID = 11706
Description = Product: Amicus Attorney Premium Workstation 2011 – Error 1706.No
valid source could be found for product Amicus Attorney Premium Workstation 2011.
The Windows Installer cannot continue.

[ System Events ]
Error - 4/23/2012 7:15:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7000
Description = The GoToMyPC service failed to start due to the following error: %%1053

Error - 4/23/2012 7:15:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/23/2012 7:25:03 PM | Computer Name = PC-BLAKE | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b9f1571d, parameter3
a760b580, parameter4 00000000.

Error - 4/23/2012 7:25:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.

Error - 4/23/2012 7:25:12 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/23/2012 7:28:24 PM | Computer Name = PC-BLAKE | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 b9f1571d, parameter3
a73ff580, parameter4 00000000.

Error - 4/23/2012 7:28:26 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.

Error - 4/23/2012 7:28:26 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/23/2012 7:41:12 PM | Computer Name = PC-BLAKE | Source = DCOM | ID = 10005
Description = DCOM got error “%1084” attempting to start the service EventSystem
with arguments “” in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/23/2012 7:42:28 PM | Computer Name = PC-BLAKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSnx aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL

< End of report >

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-23 19:51:32

19:51:32.953 OS Version: Windows 5.1.2600 Service Pack 3
19:51:32.953 Number of processors: 2 586 0x170A
19:51:32.953 ComputerName: PC-BLAKE UserName: Blake
19:51:34.859 Initialize success
19:51:35.671 AVAST engine defs: 12042301
19:51:47.687 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
19:51:47.703 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
19:51:47.703 Device \Driver\atapi → DriverStartIo 89ff62e2
19:51:47.718 Disk 0 MBR read successfully
19:51:47.734 Disk 0 MBR scan
19:51:48.171 Disk 0 Windows XP default MBR code
19:51:48.171 Disk 0 MBR hidden
19:51:48.203 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 305234 MB offset 63
19:51:48.421 Disk 0 scanning sectors +625121280
19:51:48.609 Disk 0 scanning C:\WINDOWS\system32\drivers
19:52:02.218 Service scanning
19:52:36.718 Modules scanning
19:52:40.984 Disk 0 trace - called modules:
19:52:41.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89ff64b1]<<
19:52:41.046 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x8a0f2ab8]
19:52:41.078 3 CLASSPNP.SYS[f7637fd7] → nt!IofCallDriver → \Device\0000006a[0x8a100f18]
19:52:41.125 5 ACPI.sys[f75ae620] → nt!IofCallDriver → [0x8a1dc030]
19:52:41.156 \Driver\atapi[0x8a07a030] → IRP_MJ_CREATE → 0x89ff64b1
19:52:42.359 AVAST engine scan C:\WINDOWS
19:52:48.156 AVAST engine scan C:\WINDOWS\system32
19:54:41.046 AVAST engine scan C:\WINDOWS\system32\drivers
19:54:52.187 AVAST engine scan C:\Documents and Settings\Blake
[img]19:59:36.484 AVAST engine scan C:\Documents and Settings\All Users
19:59:55.281 Scan finished successfully
20:00:23.406 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Blake\Desktop\MBR.dat”
20:00:23.421 The log file has been saved successfully to “C:\Documents and Settings\Blake\Desktop\aswMBR.txt”

I AM FINALLY DONE POSTING ALL OF THE LOGS. HOLY SHIT THAT TOOK FOREVER GIVEN THE SPACE RESTRICTIONS. DID I DO SOMETHING WRONG?