Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

tags.bluekai.com [Closed]


  • This topic is locked This topic is locked

#1
smilin47

smilin47

    New Member

  • Member
  • Pip
  • 1 posts
Thank you for reading this post. When visiting a particular website (www.thathomesite.com/forums/kitchentable), I can see the list of forum topics but when I click on the link, instead of going to that link, I get a blank screen with "tags.bluekai.com" at the bottom of the page. I have run Malwarebytes a couple of times. The first time, there was some spyware found & it was fixed. Nothing showed up the second time. Can you please assist me with this issue?

I use WindowsXP Home Edition, version 5.1, service pack 3. When I ran OTL, two pages opened in Notepad. The first one is titled "OTL.txt":


OTL logfile created on: 5/11/2012 7:43:42 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Linda\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.45% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 94.85 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1694.28 Gb Free Space | 90.94% Space Free | Partition Type: NTFS

Computer Name: LINDA-AMD-DESKT | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 07:40:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda\My Documents\Downloads\OTL.exe
PRC - [2012/04/12 08:11:49 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/04/12 08:11:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/15 00:51:06 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.4.0.12\ccsvchst.exe
PRC - [2011/02/04 09:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/19 11:17:16 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BellCanada\McciTrayApp.exe
PRC - [2009/12/18 11:23:08 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\WINDOWS\STK03N\STK03NM.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Pixart\PAP7501\GUCI_AVS.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 08:11:49 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/04/12 08:11:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/15 00:51:06 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/11 22:08:56 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/04 09:24:38 | 000,195,584 | ---- | M] () -- C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2011/02/04 09:24:32 | 002,346,496 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
MOD - [2010/12/12 06:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010/12/12 06:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010/12/12 06:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010/12/12 06:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010/12/12 06:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010/12/12 06:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010/05/23 14:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files\Rainlendar2\lfs.dll
MOD - [2010/05/23 14:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files\Rainlendar2\lua51.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- J:\PC Tools Security\TFEngine\TFService.exe service -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- J:\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- J:\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- J:\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/12 08:11:49 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\4.4.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Linda\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/27 20:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120510.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/02 19:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 23:10:09 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 23:10:09 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/27 15:40:33 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/21 22:53:36 | 000,362,360 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symtdi.sys -- (SYMTDI)
DRV - [2011/08/21 22:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/04 00:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\cchpx86.sys -- (ccHP)
DRV - [2011/08/03 21:19:14 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120510.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 21:19:14 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120510.033\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/02 11:33:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2010/12/02 11:33:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/02 11:33:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/25 10:42:10 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/11/17 10:19:50 | 000,249,616 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/10/10 13:17:44 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0404000.00C\symds.sys -- (SymDS)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/18 11:51:36 | 000,108,544 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STK03NW2.sys -- (DCamUSBSTK03N)
DRV - [2009/08/18 05:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/29 07:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/24 21:24:00 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/11/19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/03/31 16:43:28 | 000,533,888 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV - [2006/12/28 12:44:44 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-04-12 08:11:52&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3008668
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...x&a=1pb9nqMHWpc
IE - HKCU\..\SearchScopes\{FB89FF34-029C-4111-AF42-A23E85B421FB}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: [email protected]:10.2.0.3
FF - prefs.js..keyword.URL: "http://isearch.avg.c...1:52&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2011/07/31 15:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn_2010_9_0_6 [2012/05/10 15:15:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: J:\PC Tools Security\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/04/12 08:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/28 15:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 07:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/01 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/04/12 07:57:03 | 000,000,000 | ---D | M]

[2010/07/20 16:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions
[2010/07/20 16:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/11 07:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\s4xxxwpa.default\extensions
[2012/03/16 17:33:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\s4xxxwpa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/16 17:33:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\s4xxxwpa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/12/07 22:29:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\s4xxxwpa.default\searchplugins\MyStart Search.xml
[2012/05/11 07:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/16 16:23:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/05 11:31:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 04:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/26 18:16:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/01/20 08:41:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/04/12 08:12:00 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
[2012/05/10 15:15:03 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN_2010_9_0_6
[2011/07/31 15:05:56 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN
[2010/07/05 11:31:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/01 19:06:40 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/06/23 06:54:01 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/12 08:11:45 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/06/23 06:54:01 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/23 06:54:01 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/23 06:54:01 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incre...}&a=1pb9nqMHWpc
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.4.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Productivity 3.1 Toolbar) - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Productivity 3.1 Toolbar) - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.4.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Productivity 3.1 Toolbar) - {9427041A-A8DC-4D06-9A68-93873486E957} - C:\Program Files\Productivity_3.1\prxtbProd.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAP7501_Monitor] C:\WINDOWS\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Panda Security\ActiveScan 2.0\as2guiie.dll" File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components.] C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components..] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Panda Security\ActiveScan 2.0\libcomm.dll" File not found
O4 - HKLM..\RunOnce\Setup: [Registering ActiveScan 2.0 Components...] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Panda Security\ActiveScan 2.0\as2inst.dll" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\STK03N PNP Monitor.lnk = C:\WINDOWS\STK03N\STK03NM.exe (Syntek Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Curious%20Case%20of%20Counterfeit%20Cove/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Curious%20Case%20of%20Counterfeit%20Cove/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C1519A9-5C4A-409C-933F-B4122B7D191C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Linda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Linda\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/04 20:33:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ac101b25-dcad-11df-b6ad-6cf0492bcbf1}\Shell - "" = AutoRun
O33 - MountPoints2\{ac101b25-dcad-11df-b6ad-6cf0492bcbf1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac101b25-dcad-11df-b6ad-6cf0492bcbf1}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O33 - MountPoints2\{d85c87c4-1d34-11e0-b6b4-6cf0492bcbf1}\Shell - "" = AutoRun
O33 - MountPoints2\{d85c87c4-1d34-11e0-b6b4-6cf0492bcbf1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d85c87c4-1d34-11e0-b6b4-6cf0492bcbf1}\Shell\AutoRun\command - "" = J:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 03:04:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/29 18:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\My Documents\tristan
[2012/04/27 19:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LabelCreator Pro
[2012/04/27 19:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\LabelCreator Pro
[2012/04/23 07:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax 2011
[2012/04/21 23:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\My Documents\72-04-22
[2012/04/16 14:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\My Documents\old pics
[2012/04/12 08:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\AVG Secure Search
[2012/04/12 08:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/04/12 08:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/04/12 08:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/04/12 07:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/11 07:42:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1220945662-725345543-1004UA.job
[2012/05/11 07:41:34 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to OTL.lnk
[2012/05/11 07:08:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 04:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/10 18:42:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1220945662-725345543-1004Core.job
[2012/05/10 15:14:50 | 000,188,689 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/10 15:14:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/10 12:11:19 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/10 08:21:18 | 000,013,712 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/10 08:12:55 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/09 03:26:25 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 03:09:56 | 000,704,846 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/05/09 03:06:26 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/09 03:06:26 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/09 03:03:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 19:34:25 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/05/01 20:44:14 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\Google Chrome.lnk
[2012/05/01 20:44:14 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/27 19:56:24 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LabelCreator Pro.lnk
[2012/04/25 17:59:54 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/04/23 07:01:59 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Canada 2011.lnk
[2012/04/17 06:25:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\Microsoft Word.lnk
[2012/04/16 18:16:45 | 000,000,114 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2012/04/16 18:16:44 | 000,000,039 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/04/12 08:06:13 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Linda\Application Data\SharedSettings.ccs
[2012/04/12 07:57:03 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/11 07:41:34 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Linda\Desktop\Shortcut to OTL.lnk
[2012/04/27 19:56:24 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LabelCreator Pro.lnk
[2012/04/27 19:56:24 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LabelCreator Pro.lnk
[2012/04/23 07:01:59 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Canada 2011.lnk
[2012/04/12 07:57:03 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/12 07:57:03 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/04/07 14:17:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012/02/15 19:45:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/12 15:08:25 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 15:03:19 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/27 22:31:52 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/03/24 08:26:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/01/06 23:12:17 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/11/15 22:11:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/02 13:40:20 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/02 13:40:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT
[2010/08/02 10:36:14 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/08/01 19:02:51 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/08/01 19:02:51 | 000,000,039 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/07/12 18:15:20 | 000,139,619 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/07/12 18:15:20 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/07/12 00:57:01 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Linda\Application Data\SharedSettings.ccs
[2010/07/06 18:20:52 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 18:09:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/07/05 12:21:00 | 000,002,007 | ---- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
[2010/07/05 11:54:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/05 11:26:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/04 21:14:59 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/07/04 21:12:57 | 000,032,770 | ---- | C] () -- C:\WINDOWS\System32\wus3dis.dll
[2010/07/04 21:12:57 | 000,021,506 | ---- | C] () -- C:\WINDOWS\System32\cks3w2k.dll
[2010/07/04 21:11:59 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/07/04 21:11:59 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/07/04 20:35:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 20:31:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/04 16:24:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/04 14:45:15 | 000,145,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 21:05:14 | 003,093,504 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010/05/21 21:03:38 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe
[2010/05/21 21:01:38 | 127,951,849 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010/05/21 20:13:06 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

========== LOP Check ==========

[2011/12/01 16:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012/04/12 08:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/04/07 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2010/07/12 00:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software
[2012/01/27 15:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/07/05 12:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2012/01/25 15:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2011/12/07 22:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/12/07 22:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/10/01 06:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/12/07 22:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2010/08/01 19:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/08/01 19:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/04/07 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2012/05/08 19:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/24 16:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Amazon
[2012/04/12 08:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\AVG Secure Search
[2012/04/16 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Azureus
[2012/04/07 14:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Bell
[2011/05/07 18:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\calibre
[2010/07/12 01:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\CoffeeCup Software
[2012/03/19 06:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\com.Shutterfly.ExpressUploader
[2012/01/27 15:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\DAEMON Tools Lite
[2011/03/07 02:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Gaia Family Tree
[2011/11/30 18:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\MSNInstaller
[2010/07/06 18:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\OpenOffice.org
[2011/05/02 19:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\OverDrive
[2012/03/23 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\PhotoScape
[2012/03/04 21:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\PriceGong
[2010/08/02 10:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\SpinTop
[2011/11/19 19:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\SpinTop Games
[2010/07/20 16:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Thunderbird

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22C13A5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

_____________________________________________

The second page is titled "Extras.txt" :

OTL Extras logfile created on: 5/11/2012 7:43:42 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Linda\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.45% Memory free
3.85 Gb Paging File | 3.24 Gb Available in Paging File | 84.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 94.85 Gb Free Space | 63.64% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 1694.28 Gb Free Space | 90.94% Space Free | Partition Type: NTFS

Computer Name: LINDA-AMD-DESKT | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\CoffeeCup Software\Free FTP\FreeFTP.exe" = C:\Program Files\CoffeeCup Software\Free FTP\FreeFTP.exe:*:Enabled:Direct FTP Application -- (CoffeeCup Software, Inc.)
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 30
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{882A5F08-3E82-4A66-88DB-6043C11A5CF9}" = LabelCreator Pro
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7FBFCA-6739-48B0-B39A-E1B2BFB2D85C}" = calibre
"{948A3F91-22EE-4E24-B4E0-BADB972357F4}" = ArcSoft Print Creations
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD81537-F8EC-41DB-BBEB-3FCFD70BB186}" = USB2.0 UVC VGA
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E83CD823-C522-4B71-B10A-E1088B3BD261}" = STK03N
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECC69E86-3B0E-4010-AA37-414C5D71B7B9}" = RPS CRT
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{f0b6c03b-8cea-4c2a-b6bb-12a217ddfc08}" = Nero 9 Essentials
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Kindle" = Amazon Kindle
"AVG Secure Search" = AVG Security Toolbar
"Bejeweled 2" = Bejeweled 2
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"BellCanada" = Bell Internet Check-up
"BFGC" = Big Fish Games: Game Manager
"Browser Defender_is1" = Browser Defender 3.0
"CoffeeCup Free FTP 4.3" = CoffeeCup Free FTP
"Collector's Edition 251" = Collector's Edition 251
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"Digsby" = Digsby
"Gonzo Heads" = Gonzo Heads
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Laptop Drop" = Laptop Drop
"LG Internet Kit" = LG Internet Kit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mega Match" = Mega Match
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Mozilla Thunderbird (3.1.1)" = Mozilla Thunderbird (3.1.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PFPortChecker" = PFPortChecker 1.0.32
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoScape" = PhotoScape
"PopCap Browser Plugin" = PopCap Browser Plugin
"Productivity_3.1 Toolbar" = Productivity 3.1 Toolbar
"Puzzle And Word Games" = Puzzle And Word Games
"Puzzle Master 3" = Puzzle Master 3
"Puzzle Master 4" = Puzzle Master 4
"Puzzle Master 5" = Puzzle Master 5
"QuicktimePluginDeinstallKey" = Quicktime Browser Plug-In
"Rainlendar2" = Rainlendar2 (remove only)
"Rifle Range" = Rifle Range
"Star Miner Special Edition" = Star Miner Special Edition
"Super Bubble Pop" = Super Bubble Pop
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2012 8:48:09 PM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 8:48:09 PM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 11:42:27 PM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 4/5/2012 11:42:28 PM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/5/2012 11:42:29 PM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/6/2012 12:36:07 AM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 4/6/2012 12:42:40 AM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/6/2012 12:42:40 AM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/6/2012 12:51:41 AM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/6/2012 4:55:05 PM | Computer Name = LINDA-AMD-DESKT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 5/6/2012 2:03:58 PM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 5/8/2012 7:30:24 PM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Auxiliary Service service failed to start due to the
following error: %%2

Error - 5/8/2012 7:30:24 PM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 5/9/2012 3:26:46 AM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Auxiliary Service service failed to start due to the
following error: %%2

Error - 5/9/2012 3:26:46 AM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 5/10/2012 8:21:35 AM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Auxiliary Service service failed to start due to the
following error: %%2

Error - 5/10/2012 8:21:35 AM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2

Error - 5/10/2012 11:53:40 AM | Computer Name = LINDA-AMD-DESKT | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/10/2012 3:15:03 PM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Auxiliary Service service failed to start due to the
following error: %%2

Error - 5/10/2012 3:15:03 PM | Computer Name = LINDA-AMD-DESKT | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%2


< End of report >
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Is this issue evidend on all browsers?

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply
  • 0

#3
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP