-
It didn't work.
Are you sure you followed my instructions?
You found that "reset" pinhole, correct?
Let's run this fix first....
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
-
Yeah, I followed the instructions. The router reset and I reconfigured it. I will run OTL again.
-
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
C:\WINDOWS\002536_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Sandra\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Sandra\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 970 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Sandra
->Temp folder emptied: 393 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Java cache emptied: 1883861 bytes
->FireFox cache emptied: 47879404 bytes
->Opera cache emptied: 143906 bytes
->Flash cache emptied: 8627 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17266 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 48.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Sandra
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.20.2 log created on 01152011_163729
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-
OTL logfile created on: 1/15/2011 4:42:33 PM - Run 3
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
254.00 Mb Total Physical Memory | 37.00 Mb Available Physical Memory | 14.00% Memory free
626.00 Mb Paging File | 425.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.99 Gb Total Space | 17.15 Gb Free Space | 61.28% Space Free | Partition Type: NTFS
Computer Name: SANDY | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/15 13:21:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
PRC - [2010/12/31 15:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/12/31 15:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
========== Modules (SafeList) ==========
MOD - [2011/01/15 13:21:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
MOD - [2010/12/31 15:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/12/31 15:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2010/12/31 15:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/12/31 14:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/12/31 14:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/12/31 14:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/12/31 14:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/12/31 14:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 07:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 07:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ltis.net/
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 9B B9 AC C1 AE CB 01 [binary data]
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.ltis.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/10 10:24:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/14 15:12:03 | 000,000,000 | ---D | M]
[2011/01/08 12:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Application Data\Mozilla\Extensions
[2011/01/14 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\hfcr2zbk.default\extensions
[2011/01/13 11:12:20 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\hfcr2zbk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/14 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/08 12:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/08 12:42:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/08 12:42:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/01/14 15:20:18 | 000,428,637 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14760 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1294445455702 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1294445438998 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 17:37:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
-
========== Files/Folders - Created Within 30 Days ==========
[2011/01/15 16:38:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/15 16:37:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/15 13:21:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
[2011/01/15 12:15:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/15 12:12:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/15 12:12:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/15 12:12:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/15 12:12:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/15 12:11:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/15 12:11:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/15 12:11:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/15 11:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Desktop\Tools ran
[2011/01/15 01:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/01/14 22:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
[2011/01/14 22:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 22:22:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/14 22:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/14 22:21:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/14 22:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/14 14:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/14 14:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/14 14:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/14 13:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Browser Guard 2010
[2011/01/14 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/14 13:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Browser Guard 2010
[2011/01/13 11:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/01/13 11:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\QuickScan
[2011/01/10 10:24:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/01/10 10:23:34 | 000,000,000 | ---D | C] -- C:\BJPrinter
[2011/01/09 14:12:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/09 13:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/01/09 13:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/01/09 13:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/01/09 13:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/01/09 13:24:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/01/09 13:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/01/09 13:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/01/09 00:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/01/09 00:08:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/01/09 00:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/01/08 14:44:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/01/08 12:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Opera
[2011/01/08 12:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Opera
[2011/01/08 12:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/08 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/01/08 12:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/08 12:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/08 12:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Sun
[2011/01/08 12:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Downloads
[2011/01/08 12:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Mozilla
[2011/01/08 12:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Mozilla
[2011/01/08 12:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/08 11:43:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\IECompatCache
[2011/01/08 11:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/08 11:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hoyle®
[2011/01/08 11:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\WON
[2011/01/08 11:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2011/01/08 11:03:21 | 000,000,000 | ---D | C] -- C:\SIERRA
[2011/01/08 09:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.TEST
[2011/01/08 09:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.TEST
[2011/01/07 23:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Song lyrics
[2011/01/07 23:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/01/07 23:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/01/07 23:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/07 23:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/01/07 20:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Macromedia
[2011/01/07 20:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Adobe
[2011/01/07 19:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\snow pics
[2011/01/07 19:27:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents\My Music
[2011/01/07 19:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Word docs
[2011/01/07 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Phone bills
[2011/01/07 19:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\egg pics
[2011/01/07 19:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\critters
[2011/01/07 19:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Ebay listings
[2011/01/07 19:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\bitch ****
[2011/01/07 19:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/07 19:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/07 19:18:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/07 19:17:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/07 19:11:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/01/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/07 19:04:47 | 000,293,968 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/07 19:04:47 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/07 19:04:46 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/07 19:04:44 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/07 19:04:42 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/07 19:04:42 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/07 19:04:41 | 000,029,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/07 19:04:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/07 19:04:01 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/07 19:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/07 19:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/07 19:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\WMTools Downloaded Files
[2011/01/07 19:01:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents\My Videos
[2011/01/07 19:01:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/01/07 19:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/01/07 18:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/07 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/01/07 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/07 18:52:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/01/07 18:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2011/01/07 18:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/07 18:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Help
[2011/01/07 18:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Help
[2011/01/07 18:21:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\PrivacIE
[2011/01/07 18:20:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\IETldCache
[2011/01/07 18:13:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/01/07 18:12:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/07 18:12:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/01/07 17:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Setup files
[2011/01/07 17:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Identities
[2011/01/07 17:46:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/01/07 17:46:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents\My Pictures
[2011/01/07 17:46:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sandra\Application Data\Microsoft
[2011/01/07 17:46:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\SendTo
[2011/01/07 17:46:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\Recent
[2011/01/07 17:46:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\Application Data
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Start Menu\Programs\Startup
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Start Menu
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Favorites
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Start Menu\Programs\Accessories
[2011/01/07 17:46:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\Cookies
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Templates
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\PrintHood
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\NetHood
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Local Settings
[2011/01/07 17:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft
[2011/01/07 17:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Desktop
[2011/01/07 17:44:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/01/07 17:44:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/01/07 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/01/07 17:44:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/01/07 17:44:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/01/07 17:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/01/07 17:41:44 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/01/07 17:41:44 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/01/07 17:39:13 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/01/07 17:38:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/01/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/01/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/01/07 17:35:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/01/07 17:35:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/01/07 17:35:04 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/01/07 17:34:38 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/01/07 17:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/01/07 17:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/01/07 17:33:11 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/01/07 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/07 17:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/01/07 17:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/01/07 17:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/01/07 17:32:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/01/07 17:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/01/07 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/01/07 17:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/01/07 17:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/01/07 17:32:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/01/07 17:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/01/07 17:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/01/07 17:31:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/01/07 17:30:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/01/07 17:30:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/07 17:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/01/07 17:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/01/07 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/01/07 17:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/01/07 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/01/07 17:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/01/07 17:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/01/07 17:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/01/07 17:28:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/01/07 12:22:56 | 000,625,537 | ---- | C] (LT) -- C:\WINDOWS\System32\drivers\ltmdmnt.sys
[2011/01/07 12:22:46 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\drivers\DM9PCI5.SYS
[2011/01/07 12:20:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/01/07 12:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/07 12:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/01/07 12:19:53 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/01/07 12:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/01/07 12:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/01/07 12:19:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/01/07 12:19:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/01/07 12:19:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/01/07 12:19:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/01/07 12:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/01/07 12:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/01/07 12:18:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/01/07 12:18:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/01/07 12:18:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/07 12:18:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/01/07 12:18:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/07 12:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/01/07 12:06:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/01/07 12:06:16 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/07 12:06:15 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/01/07 12:06:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
========== Files - Modified Within 30 Days ==========
[2011/01/15 16:45:40 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/15 16:45:40 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/15 16:44:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/15 16:39:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/15 16:39:46 | 266,915,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/15 13:21:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
[2011/01/15 12:15:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/15 11:50:57 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Sandra\Desktop\ComboFix.exe
[2011/01/14 22:22:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 17:39:04 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/14 15:20:18 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/14 14:18:46 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 14:11:48 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/14 14:11:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Spybot - Search & Destroy.lnk
[2011/01/14 13:37:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\housecall.guid.cache
[2011/01/14 12:18:44 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\compwise post.doc
[2011/01/13 15:07:08 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 14:51:14 | 002,551,178 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\Dylan talking.wav
[2011/01/13 11:15:30 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\QuickScan Folder.lnk
[2011/01/13 00:16:13 | 000,205,312 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\fb friends list.doc
[2011/01/09 22:21:12 | 000,041,944 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\circus.fig2.gif
[2011/01/09 19:35:48 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/09 18:17:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/09 13:23:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/09 00:21:42 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\FREECELL.doc
[2011/01/08 12:21:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/01/08 12:20:37 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/08 11:38:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/08 11:04:31 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Hoyle Board Games 3 (2).lnk
[2011/01/08 11:03:53 | 000,000,244 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2011/01/08 09:27:11 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\TestPokerStars.com.lnk
[2011/01/08 09:27:11 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TestPokerStars.com.lnk
[2011/01/07 23:33:48 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/07 23:31:54 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/07 23:31:54 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/07 23:26:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/07 19:04:48 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/07 18:58:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/01/07 18:56:13 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/07 18:41:58 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/01/07 18:21:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 17:47:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/07 17:44:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/07 17:43:07 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/07 17:37:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/07 17:37:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/07 17:37:42 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/07 17:37:22 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/07 17:32:13 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/01 21:15:50 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\PSA for Toddlers.doc
[2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/31 15:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/31 15:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/31 14:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/31 14:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/31 14:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/31 14:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/31 14:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/31 14:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/30 20:48:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\status.doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011/01/15 12:15:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/15 12:15:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/15 12:12:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/15 12:12:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/15 12:12:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/15 12:12:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/15 12:12:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/15 11:49:54 | 004,154,944 | R--- | C] () -- C:\Documents and Settings\Sandra\Desktop\ComboFix.exe
[2011/01/15 01:19:29 | 266,915,840 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/14 22:22:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 15:20:18 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-152018.backup
[2011/01/14 14:11:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/14 14:11:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Spybot - Search & Destroy.lnk
[2011/01/14 13:37:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\housecall.guid.cache
[2011/01/14 12:02:30 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\compwise post.doc
[2011/01/13 14:51:13 | 002,551,178 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\Dylan talking.wav
[2011/01/13 11:29:47 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/13 11:15:30 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\QuickScan Folder.lnk
[2011/01/09 22:21:05 | 000,041,944 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\circus.fig2.gif
[2011/01/08 23:08:59 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/01/08 23:08:15 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/01/08 23:04:18 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/01/08 12:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/08 12:20:36 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/08 11:04:31 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Hoyle Board Games 3 (2).lnk
[2011/01/08 11:03:01 | 000,000,244 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/01/08 09:27:11 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\TestPokerStars.com.lnk
[2011/01/08 09:27:11 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TestPokerStars.com.lnk
[2011/01/07 23:33:48 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/07 23:26:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/07 19:04:48 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/07 18:58:57 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/01/07 18:56:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/07 18:41:59 | 000,013,704 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/01/07 18:09:35 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 17:47:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/07 17:46:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 17:44:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/07 17:43:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/07 17:41:27 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/01/07 17:40:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/01/07 17:40:27 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/01/07 17:40:25 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/01/07 17:40:21 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/01/07 17:40:08 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/01/07 17:40:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/01/07 17:39:19 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/01/07 17:37:53 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/07 17:37:53 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/07 17:37:53 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/01/07 17:37:41 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/07 17:37:41 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/07 17:37:38 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/07 17:34:12 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/01/07 17:33:26 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/01/07 17:33:26 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/01/07 17:33:18 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/01/07 17:32:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/07 17:30:05 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/01/07 17:30:05 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/01/07 17:30:05 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/01/07 17:30:05 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/01/07 17:30:05 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/01/07 17:30:04 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/01/07 17:30:04 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/01/07 17:30:04 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/01/07 17:30:04 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/01/07 17:30:04 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/01/07 17:30:04 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/01/07 17:30:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/01/07 17:30:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/01/07 17:29:58 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/01/07 17:29:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/01/07 15:20:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\FREECELL.doc
[2011/01/07 15:20:16 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\status.doc
[2011/01/07 15:20:16 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\tanks for sale.doc
[2011/01/07 15:20:16 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\status1.doc
[2011/01/07 15:20:06 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\PSA for Toddlers.doc
[2011/01/07 15:19:53 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\fb friends list.doc
[2011/01/07 12:20:04 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/07 12:19:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/07 12:19:55 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/01/07 12:19:55 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/01/07 12:19:54 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/01/07 12:19:54 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/01/07 12:19:26 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/01/07 12:19:09 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/01/07 12:19:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/01/07 12:19:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/01/07 12:19:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/01/07 12:19:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/01/07 12:19:08 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/01/07 12:19:07 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/01/07 12:19:07 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/01/07 12:18:05 | 000,116,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/07 12:17:09 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2011/01/07 12:17:03 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
========== LOP Check ==========
[2011/01/07 19:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/08 12:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Opera
[2011/01/13 11:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\QuickScan
[2011/01/15 16:44:48 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
-
Let's try one more time.
It has to work.
Just make sure you follow everything exactly...
Go to Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).
In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"
Turn the computer off.
On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer and check for redirections.
NOTE. You may need to re-check your router security settings, as described HERE
Post new OTL log.
-
No problem I will do it again in a lil bit. I will keep doing it til this thing is fixed...LOL
-
One quick question.....after you type in ipconfig is there a space before the / or no space or does it not matter?
-
Also another question...I have 3 computers networked here....does that make a difference? Should the other 2 be disconnected from the router? Should I run cmd on all 3?
-
There is a space there. The best option is to copy/paste instead of typing it manually.
Yes, disconnect other computers from the router while resetting it.
-
OTL logfile created on: 1/15/2011 6:54:11 PM - Run 4
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
254.00 Mb Total Physical Memory | 36.00 Mb Available Physical Memory | 14.00% Memory free
626.00 Mb Paging File | 435.00 Mb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.99 Gb Total Space | 17.14 Gb Free Space | 61.24% Space Free | Partition Type: NTFS
Computer Name: SANDY | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/15 13:21:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
PRC - [2010/12/31 15:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/12/31 15:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
========== Modules (SafeList) ==========
MOD - [2011/01/15 13:21:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
MOD - [2010/12/31 15:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/12/31 15:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2010/12/31 15:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/12/31 14:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/12/31 14:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/12/31 14:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/12/31 14:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/12/31 14:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 07:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 07:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ltis.net/
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 9B B9 AC C1 AE CB 01 [binary data]
IE - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.ltis.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/10 10:24:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/14 15:12:03 | 000,000,000 | ---D | M]
[2011/01/08 12:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Application Data\Mozilla\Extensions
[2011/01/14 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\hfcr2zbk.default\extensions
[2011/01/13 11:12:20 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Sandra\Application Data\Mozilla\Firefox\Profiles\hfcr2zbk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/14 23:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/08 12:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/08 12:42:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/08 12:42:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2011/01/14 15:20:18 | 000,428,637 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14760 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-507921405-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsof...?1294445455702 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1294445438998 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 17:37:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
-
========== Files/Folders - Created Within 30 Days ==========
[2011/01/15 16:38:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/15 16:37:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/15 13:21:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
[2011/01/15 12:15:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/15 12:12:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/15 12:12:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/15 12:12:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/15 12:12:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/15 12:11:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/15 12:11:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/01/15 12:11:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/15 11:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Desktop\Tools ran
[2011/01/15 01:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/01/14 22:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
[2011/01/14 22:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/14 22:22:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/14 22:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/14 22:21:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/14 22:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/14 14:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/14 14:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/14 14:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/01/14 13:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Browser Guard 2010
[2011/01/14 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/14 13:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Browser Guard 2010
[2011/01/13 11:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/01/13 11:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\QuickScan
[2011/01/10 10:24:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2011/01/10 10:23:34 | 000,000,000 | ---D | C] -- C:\BJPrinter
[2011/01/09 14:12:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/01/09 13:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/01/09 13:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/01/09 13:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/01/09 13:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/01/09 13:24:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/01/09 13:14:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/01/09 13:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/01/09 00:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/01/09 00:08:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/01/09 00:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/01/08 14:44:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/01/08 12:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Opera
[2011/01/08 12:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Opera
[2011/01/08 12:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/08 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/01/08 12:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/08 12:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/08 12:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Sun
[2011/01/08 12:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Downloads
[2011/01/08 12:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Mozilla
[2011/01/08 12:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Mozilla
[2011/01/08 12:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/08 11:43:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\IECompatCache
[2011/01/08 11:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/08 11:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hoyle®
[2011/01/08 11:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\WON
[2011/01/08 11:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2011/01/08 11:03:21 | 000,000,000 | ---D | C] -- C:\SIERRA
[2011/01/08 09:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.TEST
[2011/01/08 09:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.TEST
[2011/01/07 23:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Song lyrics
[2011/01/07 23:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/01/07 23:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/01/07 23:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/01/07 23:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/01/07 20:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Macromedia
[2011/01/07 20:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Adobe
[2011/01/07 19:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\snow pics
[2011/01/07 19:27:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents\My Music
[2011/01/07 19:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Word docs
[2011/01/07 19:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Phone bills
[2011/01/07 19:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\egg pics
[2011/01/07 19:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\critters
[2011/01/07 19:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Ebay listings
[2011/01/07 19:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\bitch ****
[2011/01/07 19:22:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/01/07 19:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/07 19:18:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/07 19:17:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/07 19:11:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/01/07 19:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/07 19:04:47 | 000,293,968 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/07 19:04:47 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/07 19:04:46 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/07 19:04:44 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/07 19:04:42 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/07 19:04:42 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/07 19:04:41 | 000,029,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/07 19:04:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/07 19:04:01 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/07 19:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/07 19:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/07 19:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\WMTools Downloaded Files
[2011/01/07 19:01:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents\My Videos
[2011/01/07 19:01:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/01/07 19:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/01/07 18:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/01/07 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/01/07 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/07 18:52:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2011/01/07 18:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2011/01/07 18:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/07 18:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Help
[2011/01/07 18:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Help
[2011/01/07 18:21:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\PrivacIE
[2011/01/07 18:20:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\IETldCache
[2011/01/07 18:13:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/01/07 18:12:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/07 18:12:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/01/07 17:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\My Documents\Setup files
[2011/01/07 17:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Identities
[2011/01/07 17:46:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/01/07 17:46:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents\My Pictures
[2011/01/07 17:46:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sandra\Application Data\Microsoft
[2011/01/07 17:46:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\SendTo
[2011/01/07 17:46:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\Recent
[2011/01/07 17:46:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sandra\Application Data
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Start Menu\Programs\Startup
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Start Menu
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\My Documents
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Favorites
[2011/01/07 17:46:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sandra\Start Menu\Programs\Accessories
[2011/01/07 17:46:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sandra\Cookies
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Templates
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\PrintHood
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\NetHood
[2011/01/07 17:46:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sandra\Local Settings
[2011/01/07 17:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Local Settings\Application Data\Microsoft
[2011/01/07 17:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Desktop
[2011/01/07 17:44:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/01/07 17:44:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/01/07 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/01/07 17:44:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/01/07 17:44:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/01/07 17:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/01/07 17:41:44 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/01/07 17:41:44 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/01/07 17:39:13 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/01/07 17:38:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/01/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/01/07 17:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/01/07 17:35:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/01/07 17:35:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/01/07 17:35:04 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/01/07 17:34:38 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/01/07 17:33:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/01/07 17:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/01/07 17:33:11 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/01/07 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/01/07 17:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/01/07 17:33:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/01/07 17:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/01/07 17:32:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/01/07 17:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/01/07 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/01/07 17:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/01/07 17:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/01/07 17:32:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/01/07 17:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/01/07 17:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/01/07 17:31:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/01/07 17:30:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/01/07 17:30:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/07 17:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/01/07 17:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/01/07 17:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/01/07 17:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/01/07 17:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/01/07 17:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/01/07 17:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/01/07 17:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/01/07 17:28:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/01/07 12:22:56 | 000,625,537 | ---- | C] (LT) -- C:\WINDOWS\System32\drivers\ltmdmnt.sys
[2011/01/07 12:22:46 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\drivers\DM9PCI5.SYS
[2011/01/07 12:20:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/01/07 12:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/01/07 12:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/01/07 12:19:53 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/01/07 12:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/01/07 12:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/01/07 12:19:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/01/07 12:19:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/01/07 12:19:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/01/07 12:19:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/01/07 12:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/01/07 12:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/01/07 12:18:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/01/07 12:18:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/01/07 12:18:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/01/07 12:18:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/01/07 12:18:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/01/07 12:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/01/07 12:06:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/01/07 12:06:16 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/01/07 12:06:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/01/07 12:06:15 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/01/07 12:06:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/01/07 12:06:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
========== Files - Modified Within 30 Days ==========
[2011/01/15 18:58:24 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/15 18:58:24 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/15 18:56:56 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/15 18:52:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/15 18:52:03 | 266,915,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/15 13:21:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
[2011/01/15 12:15:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/15 11:50:57 | 004,154,944 | R--- | M] () -- C:\Documents and Settings\Sandra\Desktop\ComboFix.exe
[2011/01/14 22:22:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 17:39:04 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/14 15:20:18 | 000,428,637 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/14 14:18:46 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 14:11:48 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/14 14:11:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Spybot - Search & Destroy.lnk
[2011/01/14 13:37:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\housecall.guid.cache
[2011/01/14 12:18:44 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\compwise post.doc
[2011/01/13 15:07:08 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 14:51:14 | 002,551,178 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\Dylan talking.wav
[2011/01/13 11:15:30 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\QuickScan Folder.lnk
[2011/01/13 00:16:13 | 000,205,312 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\fb friends list.doc
[2011/01/09 22:21:12 | 000,041,944 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\circus.fig2.gif
[2011/01/09 19:35:48 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/09 18:17:33 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/09 13:23:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/09 00:21:42 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\FREECELL.doc
[2011/01/08 12:21:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/01/08 12:20:37 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/08 11:38:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/08 11:04:31 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Hoyle Board Games 3 (2).lnk
[2011/01/08 11:03:53 | 000,000,244 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2011/01/08 09:27:11 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\TestPokerStars.com.lnk
[2011/01/08 09:27:11 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TestPokerStars.com.lnk
[2011/01/07 23:33:48 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/07 23:31:54 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/07 23:31:54 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/07 23:26:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/07 19:04:48 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/07 18:58:57 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/01/07 18:56:13 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/01/07 18:41:58 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/01/07 18:21:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 17:47:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/07 17:44:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/07 17:43:07 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/07 17:37:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/07 17:37:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/01/07 17:37:42 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/07 17:37:22 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/07 17:32:13 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/01 21:15:50 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\PSA for Toddlers.doc
[2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/12/31 15:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/12/31 15:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/12/31 14:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/12/31 14:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/12/31 14:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/12/31 14:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/12/31 14:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/12/31 14:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/12/30 20:48:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Sandra\My Documents\status.doc
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011/01/15 12:15:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/15 12:15:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/15 12:12:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/15 12:12:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/15 12:12:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/15 12:12:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/15 12:12:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/15 11:49:54 | 004,154,944 | R--- | C] () -- C:\Documents and Settings\Sandra\Desktop\ComboFix.exe
[2011/01/15 01:19:29 | 266,915,840 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/14 22:22:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 15:20:18 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110114-152018.backup
[2011/01/14 14:11:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/01/14 14:11:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Spybot - Search & Destroy.lnk
[2011/01/14 13:37:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\housecall.guid.cache
[2011/01/14 12:02:30 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\compwise post.doc
[2011/01/13 14:51:13 | 002,551,178 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\Dylan talking.wav
[2011/01/13 11:29:47 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/13 11:15:30 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\QuickScan Folder.lnk
[2011/01/09 22:21:05 | 000,041,944 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\circus.fig2.gif
[2011/01/08 23:08:59 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/01/08 23:08:15 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/01/08 23:04:18 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/01/08 12:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/08 12:20:36 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/08 11:04:31 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Hoyle Board Games 3 (2).lnk
[2011/01/08 11:03:01 | 000,000,244 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/01/08 09:27:11 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\TestPokerStars.com.lnk
[2011/01/08 09:27:11 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TestPokerStars.com.lnk
[2011/01/07 23:33:48 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/01/07 23:26:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/01/07 19:04:48 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/07 18:58:57 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/01/07 18:56:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/07 18:41:59 | 000,013,704 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/01/07 18:09:35 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Sandra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 17:47:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/07 17:46:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Sandra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 17:44:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/01/07 17:43:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/07 17:41:27 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/01/07 17:40:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/01/07 17:40:27 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/01/07 17:40:25 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/01/07 17:40:21 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/01/07 17:40:08 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/01/07 17:40:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/01/07 17:39:19 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/01/07 17:37:53 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/07 17:37:53 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/01/07 17:37:53 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/01/07 17:37:53 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/01/07 17:37:41 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/01/07 17:37:41 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/01/07 17:37:38 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/01/07 17:34:12 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/01/07 17:33:26 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/01/07 17:33:26 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/01/07 17:33:18 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/01/07 17:32:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/07 17:30:05 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/01/07 17:30:05 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/01/07 17:30:05 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/01/07 17:30:05 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/01/07 17:30:05 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/01/07 17:30:04 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/01/07 17:30:04 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/01/07 17:30:04 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/01/07 17:30:04 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/01/07 17:30:04 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/01/07 17:30:04 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/01/07 17:30:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/01/07 17:30:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/01/07 17:29:58 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/01/07 17:29:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/01/07 15:20:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\FREECELL.doc
[2011/01/07 15:20:16 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\status.doc
[2011/01/07 15:20:16 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\tanks for sale.doc
[2011/01/07 15:20:16 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\status1.doc
[2011/01/07 15:20:06 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\PSA for Toddlers.doc
[2011/01/07 15:19:53 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\Sandra\My Documents\fb friends list.doc
[2011/01/07 12:20:04 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/01/07 12:19:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/07 12:19:55 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/01/07 12:19:55 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/01/07 12:19:54 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/01/07 12:19:54 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/01/07 12:19:26 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/01/07 12:19:09 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/01/07 12:19:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/01/07 12:19:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/01/07 12:19:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/01/07 12:19:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/01/07 12:19:08 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/01/07 12:19:07 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/01/07 12:19:07 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/01/07 12:18:05 | 000,116,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/07 12:17:09 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2011/01/07 12:17:03 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
========== LOP Check ==========
[2011/01/07 19:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/08 12:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Opera
[2011/01/13 11:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\QuickScan
[2011/01/15 18:56:56 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
-
Very good job :)
I assume any redirection should be gone by now?
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce any log.
-
Well, I went to Yahoo email (which was where most of the redirection was from) just before coming back here and was afraid to even look in my inbox... LOL. No redirection so far. I will run other stuff. Then can you tell me what exactly it was that was there, or an idea of what was there? And also, how do I prevent it from coming back again?
-
Oh and I ran ESET yesterday and it didn't find anything. Should I run it again?