I can't go anywhere [Solved]


  • This topic is locked

#31
chaknik

    Member

  • Topic Starter
  • 30 posts
I've just now timed out twice while trying to send this OTL log.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp_DATA_FOLDER deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp_INSTALL_FOLDER deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp_XP deleted successfully.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\FREDA\Desktop\Geeks2Go\cmd.bat deleted successfully.
C:\Documents and Settings\FREDA\Desktop\Geeks2Go\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: FREDA
->Temp folder emptied: 7839210 bytes
->Temporary Internet Files folder emptied: 31651844 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 956879 bytes
->Flash cache emptied: 602 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33388 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 240946 bytes

Total Files Cleaned = 39.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02282013_174007

Files\Folders moved on Reboot...
C:\Documents and Settings\FREDA\Local Settings\Temporary Internet Files\Content.IE5\70JHBPOY\page__st__15[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_e4c.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#32
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Question: Do other people access that wireless router?

Tell me when you get back.

In the meantime please carry out the cleanup actions at post #26 and then download and run OTL for the other machine you want checked. Post the results back here.

#33
chaknik

    Member

  • Topic Starter
  • 30 posts
Did you get the last OTL you wanted? I've timed out a couple of times in the last few minutes. The only people accessing the router are my wife and I (kids and grandkids at times). I'll perform the clean-up now and post the OTL from my laptop. Lastly for now, I have both Superantispyware and Malwarebytes on this computer. Which one should I use or both? Thanks

Edited by chaknik, 28 February 2013 - 07:02 PM.


#34
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Lastly for now, I have both Superantispyware and Malwarebytes on this computer.


Personally I like Malwarebytes. Nowadays when you download it, SuperAntiSpyWare installs the Chrome browser, which, if you have it already, is of no consequence but, if you don't, is a bit of a pain. Chrome is not my favorite browser and I don't agree with foistware, which is what SAS and Chrome are doing. Because I like SuperAntiSpyWare, I recently experimented to see if installing SAS using the custom option and unchecking the Chrome installation boxes would work. I found that Chrome installs anyway (the only way around that I can see is to uninstall Chrome after installation). Sooo, while in the past I have promoted SAS, I think I will drop it for that reason.

The thing to remember is that if you have the real-time version of Malwarebytes installed, you will have to ensure it is configured not to conflict with your anti-virus program. That is not an issue with the free version as it doesn't run in real time. Just update and run it once a week to check for anything it can find.

The only people accessing the router are my wife and I (kids and grandkids at times).


Hmm... I have found at my home that when there is more than one person using the modem/router there can be a slowdown... almost to freezing point on some occasions in internet access. Don't know whether it is your problem but something to keep in mind.

Edited by emeraldnzl, 28 February 2013 - 07:20 PM.
added router comment


#35
chaknik

    Member

  • Topic Starter
  • 30 posts
Here's the OTL and Extra logs from my laptop:

OTL logfile created on: 2/28/2013 7:26:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roy & Freda\Desktop\Geeks2Go
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.37% Memory free
4.23 Gb Paging File | 3.20 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.99 Gb Total Space | 37.73 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.31 Gb Free Space | 63.13% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Roy & Freda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/28 19:25:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Roy & Freda\Desktop\Geeks2Go\OTL.exe
PRC - [2013/02/10 11:21:25 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/10/15 14:37:42 | 000,525,240 | ---- | M] (NDS Technologies) -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2012/10/15 14:37:38 | 006,442,920 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012/08/23 11:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2012/03/22 14:18:30 | 000,055,728 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2011/06/24 11:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/04/27 07:32:06 | 000,386,592 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/01/12 09:52:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2007/01/12 09:51:28 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/03 16:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 16:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/15 14:39:00 | 000,091,536 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\z.dll
MOD - [2012/10/15 14:38:54 | 000,273,824 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2012/10/15 14:38:52 | 001,402,784 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2012/10/15 14:38:34 | 000,688,560 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2012/10/15 14:37:54 | 007,123,880 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2012/10/15 14:37:38 | 006,442,920 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2012/10/15 14:37:32 | 002,203,048 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2006/11/03 16:46:24 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/03 16:25:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2013/02/28 08:47:44 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/02 14:29:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/03/22 14:18:30 | 000,055,728 | ---- | M] () [Auto | Running] -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2011/06/24 11:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/08/22 11:03:26 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/27 07:32:06 | 000,386,592 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/12 09:52:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/07/04 15:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/05/16 12:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 14:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2011/03/03 15:40:22 | 000,208,128 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2010/06/23 05:18:46 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/06/23 05:18:36 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/10/04 21:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/26 07:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/06/27 17:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx12.sys -- (swumx12)
DRV - [2007/06/27 17:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u12.sys -- (SWNC8U12)
DRV - [2007/06/14 12:59:26 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/28 23:23:34 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/12 09:52:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/20 13:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 13:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 13:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 17:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 01:36:49 | 000,068,096 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97via.sys -- (VIAudio)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/10/30 11:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/20 13:34:16 | 000,037,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Roy & Freda\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {E2BF730D-A874-4D8F-9A27-1363434315A7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKCU\..\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE}: "URL" = http://search.netzer...y={searchTerms}
IE - HKCU\..\SearchScopes\{ADAC8E79-AEFE-48C4-87BA-97211A49AF70}: "URL" = http://search.condui...&ctid=CT3018509
IE - HKCU\..\SearchScopes\{E2BF730D-A874-4D8F-9A27-1363434315A7}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{EF3C7454-0E35-47CB-89A6-15C9B76CC87E}: "URL" = http://websearch.ask...B9-1DD2AB1899EF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/02 14:29:22 | 000,000,000 | ---D | M]

[2011/08/26 12:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roy & Freda\AppData\Roaming\Mozilla\Extensions
[2012/10/28 14:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roy & Freda\AppData\Roaming\Mozilla\Firefox\Profiles\n8le1t6s.default\extensions
[2012/09/27 11:41:02 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Roy & Freda\AppData\Roaming\Mozilla\Firefox\Profiles\n8le1t6s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/02 14:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/02 14:29:22 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/28 14:33:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/02 14:29:20 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Motive\npMotive.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: PCShow Player Plugin (Enabled) = C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Roy & Freda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Roy & Freda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Roy & Freda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Roy & Freda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Roy & Freda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Roy & Freda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/08/23 15:08:38 | 000,433,997 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 14939 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\UCReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [attcm.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm.exe (AT&T)
O4 - HKCU..\Run: [PCShowServer] C:\Users\Roy & Freda\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://www.adobe.com...?promoid=DJDXI" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{256EE87B-F516-437F-95EC-FFEDAFDD00BF}: DhcpNameServer = 172.26.38.1 172.26.38.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{256EE87B-F516-437F-95EC-FFEDAFDD00BF}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F3E6FD3-3946-4322-A47C-ADDFB1C79E5B}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5723A55E-B1D5-4EA8-98CA-48959AEA7BC0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5723A55E-B1D5-4EA8-98CA-48959AEA7BC0}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2490676-F2B6-4003-B434-72CAB5DBC11D}: DhcpNameServer = 66.102.163.231 66.209.10.201
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8960a728-f194-11de-9673-001c230ff176}\Shell - "" = AutoRun
O33 - MountPoints2\{8960a728-f194-11de-9673-001c230ff176}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{ba680a4d-fa9e-11e0-a694-00197eda342e}\Shell - "" = AutoRun
O33 - MountPoints2\{ba680a4d-fa9e-11e0-a694-00197eda342e}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -ap
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/28 19:25:21 | 000,000,000 | ---D | C] -- C:\Users\Roy & Freda\Desktop\Geeks2Go
[2013/02/28 19:16:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/28 13:59:32 | 000,032,120 | ---- | C] (AVG) -- C:\Windows\System32\TURegOpt.exe
[2013/02/28 13:59:31 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\System32\authuitu.dll
[2013/02/28 10:30:43 | 000,000,000 | ---D | C] -- C:\Users\Roy & Freda\AppData\Roaming\Malwarebytes
[2013/02/28 10:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/28 10:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/28 10:30:32 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/28 10:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/10 15:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/28 19:25:15 | 000,069,100 | ---- | M] () -- C:\Users\Roy & Freda\AppData\Roaming\nvModes.001
[2013/02/28 18:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/28 18:38:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/28 18:05:57 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 18:05:57 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/28 16:11:03 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED51914A-8061-4534-9875-4A8DEE6D2E2E}.job
[2013/02/28 16:10:27 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/28 16:10:27 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/28 16:06:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/28 16:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/28 14:15:17 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/02/28 13:59:25 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/02/28 10:30:33 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/28 08:47:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/28 08:47:42 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/28 08:44:45 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/28 13:59:25 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/02/28 13:59:19 | 000,001,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013/02/28 10:30:33 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 18:05:46 | 000,027,520 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Local\dt.dat
[2012/08/27 09:45:17 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2012/08/24 19:26:28 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/08/23 15:49:34 | 000,012,337 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/23 14:03:29 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/08/23 08:54:27 | 000,263,715 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Local\census.cache
[2012/08/23 08:54:05 | 000,210,160 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Local\ars.cache
[2012/08/23 08:40:19 | 000,000,036 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Local\housecall.guid.cache
[2011/12/07 13:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2008/08/22 10:59:03 | 000,061,224 | ---- | C] () -- C:\Users\Roy & Freda\GoToAssistDownloadHelper.exe
[2007/10/23 15:34:42 | 000,478,720 | ---- | C] () -- C:\Program Files\MyFonts.exe
[2007/10/23 15:34:42 | 000,050,589 | ---- | C] () -- C:\Program Files\MonoPD.ttr
[2007/10/23 15:34:42 | 000,050,271 | ---- | C] () -- C:\Program Files\MonoPDB.ttr
[2007/10/23 15:34:42 | 000,029,868 | ---- | C] () -- C:\Program Files\Unin.ttr
[2007/10/23 15:34:42 | 000,029,724 | ---- | C] () -- C:\Program Files\Unib.ttr
[2007/10/23 15:34:42 | 000,000,048 | ---- | C] () -- C:\Program Files\MyFonts.url
[2007/10/10 14:58:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/10/10 08:35:43 | 000,007,484 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Local\d3d9caps.dat
[2007/10/09 14:12:04 | 000,024,227 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Roaming\UserTile.png
[2007/10/08 17:39:00 | 005,111,116 | -H-- | C] () -- C:\Users\Roy & Freda\AppData\Local\oldIconCache.db
[2007/10/08 17:13:06 | 000,069,100 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Roaming\nvModes.dat
[2007/10/08 17:13:06 | 000,069,100 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Roaming\nvModes.001
[2007/10/08 17:02:27 | 000,027,136 | ---- | C] () -- C:\Users\Roy & Freda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 672 bytes -> C:\Users\Roy & Freda\Documents\Hey From Destin2.eml:OECustomProperty
@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:4EE323A4
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:F6791DC0
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


Extra log:

OTL Extras logfile created on: 2/28/2013 7:26:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Roy & Freda\Desktop\Geeks2Go
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.37% Memory free
4.23 Gb Paging File | 3.20 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.99 Gb Total Space | 37.73 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.31 Gb Free Space | 63.13% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Roy & Freda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with ACDSee] -- "C:\Program Files\ACDSee32\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3337304456-3073326256-3187803108-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AT&T\AT&T Communication Manager\SwiApiMuxX.exe" = C:\Program Files\AT&T\AT&T Communication Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX -- (Sierra Wireless, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C33D37-1167-4BE0-BA72-1E00A9237AFF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{36B72F89-C3B5-46D8-ACB5-191EBFF2D956}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4CE84B31-B24F-4572-B0DA-2D69DDB83DD0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{663A18BB-B1A6-46CE-8C1B-BD05D20D33F6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6BF38ABF-AA5D-40D8-9CB5-8CA6B61523A4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{73FE6018-596A-44AD-8FAF-B652932A1131}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{7C10A6D9-92A7-4D54-BAA6-854121AEA0E5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7CC254C3-253D-4FDF-A3FA-0D19562EB724}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{7F3E5E29-D69F-4D08-96C4-E456FF82EAA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{88F67B26-400F-4F20-87B9-4EC1CAAC04B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DC36A6C-6451-4D12-83A9-FC2BACF08D7A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{AE4BD570-5103-4D70-BA06-0E761EFE4BAC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2DD074C-DDE9-4195-B487-FE2408666745}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"TCP Query User{8714887C-A712-4002-9B64-6E14E144E3A7}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E856C61C-9841-4704-9B47-2BA3A262EE0E}C:\program files\1ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\1ws_ftp\ws_ftp95.exe |
"TCP Query User{EDC1D6AF-4112-44CD-9E35-49C5F5BD824A}C:\program files\1ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\1ws_ftp\ws_ftp95.exe |
"UDP Query User{59433FCF-2CD6-4776-92F2-B6702F64A223}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{69CB6833-78DA-47EF-B171-804EDB3898FB}C:\program files\1ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\1ws_ftp\ws_ftp95.exe |
"UDP Query User{FD0CB6E2-D905-4F52-AEC5-5DB53C4DB69B}C:\program files\1ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\1ws_ftp\ws_ftp95.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A02499-32E5-4DBC-91C7-17CB4595DB1A}" = AT&T Communication Manager
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.1.4235
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}" = DIRECTV Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62201736-0A1F-4C6F-9C59-1AA3360CEA50}" = Homespun Collection
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{8344D4A2-FE9C-4275-AE51-0FD07CC9A5DB}" = Xara3D6
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"20/20 v2.1" = 20/20 v2.1
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ACDSee 32" = ACDSee 32
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Arachnophilia version 4.0_is1" = Arachnophilia version 4.0
"AVG PC TuneUp" = AVG PC TuneUp
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Wonders of the Depths 3 - Atlantis Adventures" = Hidden Wonders of the Depths 3: Atlantis Adventures
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DivX Setup" = DivX Setup
"FormatFactory" = FormatFactory 3.00
"FreeCell Plus" = FreeCell Plus
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFonts Font Manager" = MyFonts Font Manager
"NVIDIA Drivers" = NVIDIA Drivers
"Path Copy" = Path Copy 3.0
"Print Artist 2003" = Print Artist 2003
"Revo Uninstaller" = Revo Uninstaller 1.94
"Spesoft Audio Converter_is1" = Spesoft Audio Converter 1.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2013 1:14:55 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDTray.exe, version 2.0.9.127, time stamp 0x4ff41db8,
faulting module snlBase150.bpl!@Snlconsolehelp@TCommandLinePar, version 6.0.6002.18541,
time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset 0x00009f5d, process
id 0xc68, application start time 0x01ce07b20eef714f.

Error - 2/10/2013 1:45:03 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDUpdSvc.exe, version 2.0.9.76, time stamp 0x4ff41d92,
faulting module snlBase150.bpl!@Snlcredits@RegisterAppleiPhone, version 6.0.6002.18541,
time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset 0x00009f5d, process
id 0x9d8, application start time 0x01ce07b65a89bd0e.

Error - 2/10/2013 1:45:15 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDTray.exe, version 2.0.9.127, time stamp 0x4ff41db8,
faulting module snlBase150.bpl!@Snlconsolehelp@TCommandLinePar, version 6.0.6002.18541,
time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset 0x00009f5d, process
id 0xbe8, application start time 0x01ce07b64abfde4e.

Error - 2/10/2013 1:49:00 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDWelcome.exe, version 2.0.9.123, time stamp
0x4ff41dc0, faulting module snlBase150.bpl!@Snlconsolehelp@TCommandLinePar, version
6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset
0x00009f5d, process id 0x55c, application start time 0x01ce07b6dda9bb4e.

Error - 2/10/2013 2:41:42 PM | Computer Name = LapTop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: aa0 Start Time: 01ce07b64659f3ee Termination Time: 32

Error - 2/10/2013 3:26:12 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDUpdSvc.exe, version 2.0.9.76, time stamp 0x4ff41d92,
faulting module snlBase150.bpl!@Snlcredits@RegisterAppleiPhone, version 6.0.6002.18541,
time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset 0x00009f5d, process
id 0xa0c, application start time 0x01ce07c47c12ee85.

Error - 2/10/2013 3:31:45 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDTray.exe, version 2.0.9.127, time stamp 0x4ff41db8,
faulting module snlBase150.bpl!@Snlconsolehelp@TCommandLinePar, version 6.0.6002.18541,
time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset 0x00009f5d, process
id 0xbb0, application start time 0x01ce07c47232fa45.

Error - 2/10/2013 3:34:26 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDScan.exe, version 2.0.9.172, time stamp 0x4ff41dad,
faulting module snlBase150.bpl!@Snlconsolehelp@TCommandLinePar, version 6.0.6002.18541,
time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset 0x00009f5d, process
id 0x13cc, application start time 0x01ce07c594b026a5.

Error - 2/10/2013 3:42:32 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDWelcome.exe, version 2.0.9.123, time stamp
0x4ff41dc0, faulting module snlBase150.bpl!@Snlconsolehelp@TCommandLinePar, version
6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset
0x00009f5d, process id 0x133c, application start time 0x01ce07c6be39a545.

Error - 2/10/2013 4:58:56 PM | Computer Name = LapTop | Source = Application Error | ID = 1000
Description = Faulting application SDImmunize.exe, version 2.0.9.130, time stamp
0x4ff41d9a, faulting module snlBase150.bpl!@Snlconsolehelp@TCommandLinePar, version
6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000139, fault offset
0x00009f5d, process id 0x1384, application start time 0x01ce07d16d8498a6.

[ Media Center Events ]
Error - 10/17/2007 3:50:56 PM | Computer Name = LapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/30/2007 7:59:59 PM | Computer Name = LapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/14/2007 4:56:01 PM | Computer Name = LapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/18/2007 11:29:20 PM | Computer Name = LapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/25/2008 7:30:45 PM | Computer Name = LapTop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ System Events ]
Error - 2/28/2013 9:49:31 AM | Computer Name = LapTop | Source = Service Control Manager | ID = 7006
Description =

Error - 2/28/2013 9:50:52 AM | Computer Name = LapTop | Source = Service Control Manager | ID = 7022
Description =

Error - 2/28/2013 3:47:15 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7034
Description =

Error - 2/28/2013 3:48:53 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7006
Description =

Error - 2/28/2013 3:50:50 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7022
Description =

Error - 2/28/2013 4:15:15 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7006
Description =

Error - 2/28/2013 4:15:17 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7034
Description =

Error - 2/28/2013 6:06:33 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7006
Description =

Error - 2/28/2013 6:06:33 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7006
Description =

Error - 2/28/2013 6:08:02 PM | Computer Name = LapTop | Source = Service Control Manager | ID = 7022
Description =


< End of report >
That looks like a lot to go over. I'll be offline for the rest of the evening. Be back in touch tomorrow.

#36
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again chaknik,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
    IE - HKCU\..\URLSearchHook: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {E2BF730D-A874-4D8F-9A27-1363434315A7}
    IE - HKCU\..\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE}: "URL" = http://search.netzer...y={searchTerms}
    IE - HKCU\..\SearchScopes\{ADAC8E79-AEFE-48C4-87BA-97211A49AF70}: "URL" = http://search.condui...&ctid=CT3018509
    IE - HKCU\..\SearchScopes\{E2BF730D-A874-4D8F-9A27-1363434315A7}: "URL" = http://search.avg.co...}&ychte=us&nt=1
    IE - HKCU\..\SearchScopes\{EF3C7454-0E35-47CB-89A6-15C9B76CC87E}: "URL" = http://websearch.ask...B9-1DD2AB1899EF
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
    FF - user.js - File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No CLSID value found.
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://www.adobe.com/products/shockwaveplayer/?promoid=DJDXI" File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{256EE87B-F516-437F-95EC-FFEDAFDD00BF}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
    O33 - MountPoints2\{8960a728-f194-11de-9673-001c230ff176}\Shell - "" = AutoRun
    O33 - MountPoints2\{8960a728-f194-11de-9673-001c230ff176}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{ba680a4d-fa9e-11e0-a694-00197eda342e}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba680a4d-fa9e-11e0-a694-00197eda342e}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -ap
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    @Alternate Data Stream - 672 bytes -> C:\Users\Roy & Freda\Documents\Hey From Destin2.eml:OECustomProperty
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:4EE323A4
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:F6791DC0
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

#37
chaknik

    Member

  • Topic Starter
  • 30 posts
I'm sorry but I just haven't been able to get things to cooperate. I've copied the extra text and pasted into OTL window and ran fix, several times, but I keep failing to get a result file. The program doesn't restart the computer so I'm forced to '3 finger salute'. I'm afraid I'll have to give my mind and nerves a break. Please excuse me for the rest of the day. I'll try the fix again after a while. Thanks

#38
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I've copied the extra text and pasted into OTL window and ran fix, several times, but I keep failing to get a result file.


I did wonder whether you might run into trouble. With the other machine we had to use some tougher tools to get things moving.

Leave the OTL one for now and do this instead. Let me know if you have trouble with it.

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#39
chaknik

    Member

  • Topic Starter
  • 30 posts
Here's the Combofix file. The guy from bleepingcomp. thinks there may be a problem in the router as well as all computers. Just after my last session with you, my wife started using this computer for some of her stuff. She got the time out ('IE cannot display....') several times and I just did a couple times trying to get here. Since he mentioned possibly resetting the router, I decided to look at it. I know you didn't want any changes to the router without your knowledge of it. Anyway, when I logged into the router, one of the first things I noticed was that 172.26.38.1 address in one of the fields, didn't notice which one. I wanted you to have this info. along with the Combofix file.

ComboFix 13-03-01.01 - FREDA 03/01/2013 21:20:03.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2700 [GMT -6:00]
Running from: c:\documents and settings\FREDA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\FREDA\Application Data\WTouch
c:\documents and settings\FREDA\Application Data\WTouch\WTouch.xml
.
.
((((((((((((((((((((((((( Files Created from 2013-02-02 to 2013-03-02 )))))))))))))))))))))))))))))))
.
.
2013-02-26 06:02 . 2009-01-09 22:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2013-02-26 06:02 . 2013-02-26 06:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AdminHelper
2013-02-26 06:01 . 2013-02-26 06:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2013-02-26 06:01 . 2013-02-26 06:01 -------- d-----w- c:\program files\LG Electronics
2013-02-25 22:04 . 2013-02-25 22:04 -------- d-----w- c:\documents and settings\FREDA\Application Data\TuneUp Software
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\documents and settings\FREDA\Application Data\Malwarebytes
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-24 17:44 . 2013-02-24 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-24 17:44 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-23 23:14 . 2013-02-23 23:36 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\Anvil Studio
2013-02-23 23:03 . 2013-02-23 23:03 -------- d-----w- c:\program files\Anvil Studio 2012
2013-02-23 03:50 . 2013-02-23 03:50 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\attcm_AppStart
2013-02-22 23:50 . 2013-02-22 23:50 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-20 22:22 . 2013-02-20 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus
2013-02-20 22:20 . 2013-02-26 05:06 -------- d-----w- c:\documents and settings\FREDA\Application Data\LavasoftStatistics
2013-02-20 21:58 . 2013-02-20 21:58 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\adawarebp
2013-02-20 21:58 . 2013-02-26 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2013-02-20 21:57 . 2013-02-20 21:57 -------- d-----w- c:\program files\Toolbar Cleaner
2013-02-20 21:55 . 2013-02-20 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-02-20 19:21 . 2013-02-20 19:21 120 ----a-w- C:\aaw7boot.cmd
2013-02-15 19:43 . 2013-02-15 19:43 -------- d-----w- c:\windows\system32\{userdocs}
2013-02-14 15:03 . 2013-02-14 15:03 -------- d-----w- c:\documents and settings\FREDA\Local Settings\Application Data\Sun
2013-02-10 21:44 . 2013-02-10 21:44 -------- d-----w- c:\program files\Common Files\Java
2013-02-10 21:44 . 2013-02-10 21:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 22:17 . 2013-02-08 22:17 -------- dc-h--w- c:\windows\ie8
2013-02-08 22:03 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-08 13:58 . 2013-02-08 13:58 -------- d-----w- c:\program files\VS Revo Group
2013-02-07 23:11 . 2013-02-07 23:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-02-07 20:20 . 2013-02-07 20:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2013-02-07 20:18 . 2013-02-07 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 21:43 . 2012-07-23 18:37 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-10 21:43 . 2012-07-23 18:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-10 21:43 . 2010-05-12 11:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-10 03:48 . 2012-06-09 15:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 03:48 . 2011-05-26 23:52 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-31 02:52 . 2013-01-31 02:52 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-01-31 02:52 . 2013-01-31 02:52 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-12-18 16:06 . 2013-01-20 17:49 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-12-18 16:06 . 2012-12-18 16:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-12-18 16:06 . 2012-12-18 16:06 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-12-18 16:06 . 2012-12-18 16:06 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-12-18 16:06 . 2012-12-18 16:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-12-18 16:06 . 2012-12-18 16:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-12-18 16:06 . 2012-12-18 16:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-12-18 16:06 . 2012-12-18 16:06 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-12-18 16:06 . 2012-12-18 16:06 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-12-18 16:06 . 2012-12-18 16:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-12-18 16:06 . 2012-12-18 16:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-12-18 16:06 . 2012-12-18 16:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-12-18 16:06 . 2012-12-18 16:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-12-18 16:06 . 2012-12-18 16:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-12-18 16:06 . 2012-12-18 16:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-12-18 16:06 . 2012-12-18 16:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-12-18 16:06 . 2012-12-18 16:06 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-12-18 16:06 . 2012-12-18 16:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-12-18 16:06 . 2012-12-18 16:06 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-12-18 16:06 . 2012-12-18 16:06 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-12-18 16:06 . 2012-12-18 16:06 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-12-18 16:06 . 2012-12-18 16:06 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-12-18 16:06 . 2012-12-18 16:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-12-18 16:06 . 2012-12-18 16:06 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-12-18 16:06 . 2012-12-18 16:06 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-12-18 16:06 . 2012-12-18 16:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-12-18 16:06 . 2013-01-20 17:49 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-12-18 16:06 . 2013-01-20 17:49 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-12-18 16:06 . 2013-01-20 17:49 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2008-08-16 22:42 . 2013-02-05 23:07 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2013-02-05 23:07 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:43 . 2013-02-05 23:07 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2013-02-05 23:07 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2013-02-05 23:07 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2013-02-05 23:07 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2013-02-05 23:07 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2013-02-05 23:07 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2013-02-05 23:08 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2013-02-05 23:08 . 2013-02-05 23:07 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2012-12-18 219688]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-31 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-01 04:54 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk
backup=c:\windows\pss\Auto Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FREDA^Start Menu^Programs^Startup^EzWare EzDesk.lnk]
path=c:\documents and settings\FREDA\Start Menu\Programs\Startup\EzWare EzDesk.lnk
backup=c:\windows\pss\EzWare EzDesk.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FREDA^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\FREDA\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-03-05 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-04-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 -c--a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 19:46 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-12-21 00:44 1476104 ----a-w- c:\program files\SAMSUNG\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-21 00:44 310280 ----a-w- c:\program files\SAMSUNG\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 17:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 17:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 -c--a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 -c--a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 15:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\1Ws_ftp\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kompozer\\KompoZer 0.7.10\\kompozer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AT&T\\AT&T Communication Manager\\SwiApiMuxX.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11/12/2012 4:47 AM 255968]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R2 AdminHelper.exe;AdminHelper.exe;c:\program files\AT&T\AT&T Communication Manager\AdminHelper.exe [12/18/2012 10:06 AM 56360]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 IERA;Sierra Wireless Error Reporting Agent;c:\program files\Sierra Wireless Inc\IERA\IERA.exe [10/19/2011 3:40 PM 167280]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [6/24/2011 12:10 PM 238960]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [12/25/2010 2:13 PM 4497704]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [12/25/2010 2:14 PM 113448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [5/27/2011 7:05 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/31/2012 3:02 PM 7391072]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [1/20/2013 11:52 AM 83168]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [9/29/2009 10:01 AM 11264]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [1/20/2013 11:52 AM 181344]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\drivers\swg3kser00.sys [10/19/2011 3:41 PM 215552]
S3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\drivers\swiwdmbx.sys [10/19/2011 3:41 PM 83968]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [10/19/2011 3:41 PM 209536]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSAGENT
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGWD
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 03:48]
.
2013-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: friendsofjamesrogers.com\www
Trusted Zone: onlyimaginegraphics.com\www
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\FREDA\Application Data\Mozilla\Firefox\Profiles\4205w02i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-02-28 22:14; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\AVG\AVG10\Firefox4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-OPSWAT Toolbar - c:\program files\OPSWAT\uninstall.exe
AddRemove-opswatutilities - c:\program files\opswatutilities\Uninstaller.exe
AddRemove-RCA Detective™_is1 - c:\documents and settings\FREDA\My Documents\RCA Detective\unins000.exe
AddRemove-RCA easyRip_is1 - c:\documents and settings\FREDA\My Documents\RCA easyRip\unins000.exe
AddRemove-RCA Updater_is1 - c:\documents and settings\FREDA\My Documents\RCA Updater\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-01 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796266127-4252608427-1798623780-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2013-03-01 21:25:19
ComboFix-quarantined-files.txt 2013-03-02 03:25
.
Pre-Run: 321,639,301,120 bytes free
Post-Run: 321,674,801,152 bytes free
.
- - End Of File - - EAA0C15EE200209FEE9C628D3AE6F7C

Edited by chaknik, 01 March 2013 - 09:43 PM.

#40
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Since he mentioned possibly resetting the router, I decided to look at it.


Thank you for telling me that. You may recall we visited that at post #22 (although not re-setting to default, rather a restart which often is enough). I will be interested to hear of any more actions in that area. Another thing may be to check with your ISP for any line problems in your area. Also I suppose we mustn't discount the possibility that your router may be nearing the end of its life.

I noticed was that 172.26.38.1 address in one of the fields,


We were endeavouring to remove that from this machine with the OTL fix that froz... interesting that it shows in the router though. Removing it from the computer and resetting the router might remove it.

Out of curiosity did anyone in the family study at Stanford or is this machine second hand say...?

Let's try two things now:

1 Uninstall AVG from this machine. AVG can get in the way of things especially internet activity so we will be able to see if that is a factor.

2 See if we can run that OTL fix

SOooo firstly uninstall AVG. We may have to remove remnants later but let's see if it makes a difference.

After that

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
    IE - HKCU\..\URLSearchHook: {22dfbf5b-a7cd-4b25-9471-3dc68c71855f} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {E2BF730D-A874-4D8F-9A27-1363434315A7}
    IE - HKCU\..\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE}: "URL" = http://search.netzer...y={searchTerms}
    IE - HKCU\..\SearchScopes\{ADAC8E79-AEFE-48C4-87BA-97211A49AF70}: "URL" = http://search.condui...&ctid=CT3018509
    IE - HKCU\..\SearchScopes\{E2BF730D-A874-4D8F-9A27-1363434315A7}: "URL" = http://search.avg.co...}&ychte=us&nt=1
    IE - HKCU\..\SearchScopes\{EF3C7454-0E35-47CB-89A6-15C9B76CC87E}: "URL" = http://websearch.ask...B9-1DD2AB1899EF
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
    FF - user.js - File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No CLSID value found.
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://www.adobe.com/products/shockwaveplayer/?promoid=DJDXI" File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{256EE87B-F516-437F-95EC-FFEDAFDD00BF}: DhcpNameServer = 172.26.38.1 172.26.38.2
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
    O33 - MountPoints2\{8960a728-f194-11de-9673-001c230ff176}\Shell - "" = AutoRun
    O33 - MountPoints2\{8960a728-f194-11de-9673-001c230ff176}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{ba680a4d-fa9e-11e0-a694-00197eda342e}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba680a4d-fa9e-11e0-a694-00197eda342e}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -ap
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    @Alternate Data Stream - 672 bytes -> C:\Users\Roy & Freda\Documents\Hey From Destin2.eml:OECustomProperty
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:4EE323A4
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:F6791DC0
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

When you return please post
  • OTL fix .txt
  • OTL scan .txt

Edited by emeraldnzl, 01 March 2013 - 10:36 PM.
clarification of router reset
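
The DNS-server discrepancy discussed in the posts above (172.26.38.1 and 172.26.38.2 on the O17 `DhcpNameServer` line and in the router, against 192.168.0.1 in the ComboFix supplementary scan) can be checked mechanically across pasted logs. This is an added example, not part of the original thread and not OTL or ComboFix code: the function names, the `expected` resolver list and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re
from typing import NamedTuple

# Lines 1, 2 and 4 are copied from the logs in this thread; line 3 is
# constructed to exercise a static NameServer value and a malformed token.
SAMPLE_LOG = r"""O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{256EE87B-F516-437F-95EC-FFEDAFDD00BF}: DhcpNameServer = 172.26.38.1 172.26.38.2
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.53,bogus
uStart Page = hxxp://www.yahoo.com/"""

# DhcpNameServer is supplied by the DHCP lease; NameServer is a static setting.
SETTING_RE = re.compile(r"\b(DhcpNameServer|NameServer)\s*=\s*(.*)$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Finding(NamedTuple):
    line_no: int
    interface: str   # interface GUID, or "(global)" when the line names none
    setting: str     # DhcpNameServer or NameServer
    address: str
    status: str      # expected / unexpected / malformed
    scope: str       # rfc1918 / non-rfc1918 / n/a


def parse_dns_settings(log_text, expected):
    """Extract every resolver address from the log text and compare it with
    the resolvers the operator expects (assumed here: the router's address)."""
    expected_addrs = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = SETTING_RE.search(line)
        if not match:
            continue
        setting, value = match.groups()
        guid = GUID_RE.search(line[:match.start()])
        iface = guid.group(1).upper() if guid else "(global)"
        # Values are space-separated for DHCP and often comma-separated
        # for static entries, so split on both.
        for token in filter(None, re.split(r"[,\s]+", value.strip())):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append(
                    Finding(line_no, iface, setting, token, "malformed", "n/a"))
                continue
            status = "expected" if addr in expected_addrs else "unexpected"
            # Private space points at the LAN side (router or another DHCP
            # server); anything else is a resolver outside the LAN.
            scope = ("rfc1918" if any(addr in net for net in RFC1918)
                     else "non-rfc1918")
            findings.append(
                Finding(line_no, iface, setting, str(addr), status, scope))
    return findings


def unexpected(findings):
    """Findings that need a human look: unknown resolvers and bad values."""
    return [f for f in findings if f.status != "expected"]


if __name__ == "__main__":
    results = parse_dns_settings(SAMPLE_LOG, expected={"192.168.0.1"})
    for f in unexpected(results):
        print(f"line {f.line_no}: {f.setting} on {f.interface} -> "
              f"{f.address} [{f.status}, {f.scope}]")
```

An "unexpected" result only means the address is not on the list passed in; where it came from still has to be established on the router and the DHCP lease.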

#41
chaknik

    Member

  • Topic Starter
  • 30 posts
Saturday morning and good day to you. As things stand now, I have uninstalled AVG. I looked back to my router and found the 172.26.38.1 and 172.26.38.2 set as dns servers. I know that's not right. We have no connection or knowledge of anyone associated with Stanford. All my machines were bought brand new from Dell. My router is Cradlepoint bought in Dec. 2012 from Cradlepoint. I just tried several times to run the OTL run/fix, with added text, but no usable file was generated. In C:\Moved files were several folders with names coinciding with the run/fix attempts but they were all empty. I did get the OTL run/scan:

OTL logfile created on: 3/2/2013 9:24:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\FREDA\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 86.17% Memory free
7.07 Gb Paging File | 6.81 Gb Available in Paging File | 96.30% Paging File free
Paging file location(s): C:\pagefile.sys 4096 12288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 300.17 Gb Free Space | 64.45% Space Free | Partition Type: NTFS

Computer Name: FREDA | User Name: FREDA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/02 09:00:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\OTL.exe
PRC - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
PRC - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
PRC - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2009/11/23 18:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009/11/23 18:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/18 10:06:44 | 000,034,304 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryGeneric.plugin
MOD - [2012/12/18 10:06:44 | 000,030,720 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryVPorts.plugin
MOD - [2012/12/18 10:06:44 | 000,025,088 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryMobileBroadband.plugin
MOD - [2012/12/18 10:06:44 | 000,019,968 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\DiscoveryNdis.plugin
MOD - [2012/12/18 10:06:44 | 000,017,920 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\resources\plugins\ContextSwitcher.plugin
MOD - [2012/12/18 10:06:42 | 001,049,320 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxmsw28u_core_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,892,136 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll
MOD - [2012/12/18 10:06:42 | 000,727,784 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\wxbase28u_vc_custom.dll
MOD - [2012/12/18 10:06:42 | 000,399,080 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\WebClient.dll
MOD - [2012/12/18 10:06:40 | 000,629,480 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll
MOD - [2012/12/18 10:06:40 | 000,148,712 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll
MOD - [2012/12/18 10:06:40 | 000,123,112 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\System.dll
MOD - [2012/12/18 10:06:40 | 000,051,432 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll
MOD - [2012/12/18 10:06:38 | 000,376,040 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Device.dll
MOD - [2012/12/18 10:06:38 | 000,249,064 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DB.dll
MOD - [2012/12/18 10:06:38 | 000,132,840 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll
MOD - [2012/12/18 10:06:38 | 000,099,560 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll
MOD - [2012/12/18 10:06:38 | 000,061,160 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll
MOD - [2012/12/18 10:06:36 | 000,219,688 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe
MOD - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2013/02/10 15:43:57 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/09 21:48:01 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 17:08:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 10:06:36 | 000,056,360 | ---- | M] () [Auto | Running] -- C:\Program Files\AT&T\AT&T Communication Manager\AdminHelper.exe -- (AdminHelper.exe)
SRV - [2011/06/24 12:10:22 | 000,238,960 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/05/31 17:38:30 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2009/11/23 18:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 18:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2009/03/31 22:54:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/22 00:25:46 | 000,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2008/10/04 12:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mdmxsdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (cdrbsvsd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\FREDA\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/19 22:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 22:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/07/19 09:49:54 | 000,209,536 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2011/05/16 12:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 14:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2009/05/20 13:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/28 12:50:44 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/01 02:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/18 10:24:40 | 000,011,264 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV - [2008/01/15 18:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/10/15 15:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/10/15 15:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 4A EB 46 63 15 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/27 13:29:59 | 000,000,000 | ---D | M]

[2013/02/27 13:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FREDA\Application Data\Mozilla\Extensions
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/22 17:49:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/22 09:21:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}(2)
[2013/02/05 17:08:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2012/10/22 10:59:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/22 11:00:33 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/01 21:24:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O4 - HKLM..\Run: [attcm_AppStart.exe] C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: friendsofjamesrogers.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: onlyimaginegraphics.com ([www] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.4.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1258206523468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1360358360593 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323E3141-105A-49C1-A74C-17F898A22C18}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/27 16:35:31 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 09:13:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/02 09:02:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/02 09:00:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\OTL.exe
[2013/03/02 08:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\WTouch
[2013/03/01 21:18:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/01 21:18:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/01 21:18:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/01 21:18:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/01 21:18:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/01 21:14:12 | 005,035,876 | R--- | C] (Swearware) -- C:\Documents and Settings\FREDA\Desktop\ComboFix.exe
[2013/02/27 12:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2013/02/27 08:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\OPSWAT
[2013/02/26 21:28:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/02/26 19:12:52 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2013/02/26 19:08:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/26 19:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/26 09:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Desktop\Geeks2Go
[2013/02/26 00:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T
[2013/02/26 00:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AdminHelper
[2013/02/26 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2013/02/26 00:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013/02/25 16:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\TuneUp Software
[2013/02/25 08:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Start Menu\Programs\Revo Uninstaller
[2013/02/24 11:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\Malwarebytes
[2013/02/24 11:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/24 11:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/24 11:44:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/24 11:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/23 17:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Anvil Studio
[2013/02/23 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Anvil Studio 2012
[2013/02/22 21:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\attcm_AppStart
[2013/02/20 16:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/02/20 16:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Application Data\LavasoftStatistics
[2013/02/20 15:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\adawarebp
[2013/02/20 15:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/02/20 15:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/20 15:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/02/15 13:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\{userdocs}
[2013/02/14 09:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FREDA\Local Settings\Application Data\Sun
[2013/02/11 13:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/02/10 15:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/10 15:44:10 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/10 15:44:04 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/09 11:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/02/08 16:17:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/08 16:03:20 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/02/08 13:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FREDA\Recent
[2013/02/08 10:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/02/08 07:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/02/07 14:20:23 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/07 14:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/02/06 16:56:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/06 16:56:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/05 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/03/02 09:23:11 | 000,569,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/02 09:23:11 | 000,110,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/02 09:19:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/02 09:18:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/02 09:18:50 | 3487,723,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 09:00:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FREDA\Desktop\OTL.exe
[2013/03/02 08:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/02 06:29:56 | 000,000,221 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Not Doppler.url
[2013/03/01 21:24:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/01 21:14:12 | 005,035,876 | R--- | M] (Swearware) -- C:\Documents and Settings\FREDA\Desktop\ComboFix.exe
[2013/03/01 09:34:50 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2013/03/01 09:04:09 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Wyndham Search Availability.url
[2013/02/28 19:06:58 | 000,575,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/27 23:10:47 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Alaskan Cruise.url
[2013/02/27 15:18:22 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/27 09:41:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/27 08:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/26 20:56:59 | 000,000,009 | ---- | M] () -- C:\END
[2013/02/26 20:56:25 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\SecureVirtualDesktop.lnk
[2013/02/26 20:56:25 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\AppRemover.lnk
[2013/02/26 20:56:25 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\MD4SAClnt.lnk
[2013/02/26 13:23:43 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/26 09:11:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/02/25 15:20:51 | 000,015,773 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\cultipackerplan.gif
[2013/02/25 08:52:50 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Revo Uninstaller.lnk
[2013/02/24 21:56:46 | 000,002,478 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - BleepingComputer.com.url
[2013/02/24 11:44:10 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 15:32:53 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Weather.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/22 14:11:02 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hostsoriginal
[2013/02/20 13:21:22 | 000,000,120 | ---- | M] () -- C:\aaw7boot.cmd
[2013/02/18 14:43:18 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/17 07:45:30 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\Barbie.url
[2013/02/15 13:43:52 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/13 14:32:20 | 000,000,033 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2013/02/10 15:43:57 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/10 15:43:56 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/10 15:43:56 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/10 15:43:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/10 15:43:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/10 15:43:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/10 15:43:56 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/09 21:48:01 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/09 21:48:00 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/09 16:31:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 17:02:57 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\FREDA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/08 16:19:05 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/07 17:14:08 | 000,445,128 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130209-215509.backup
[2013/02/07 14:20:16 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/02/03 14:11:16 | 269,657,031 | ---- | M] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/02/02 08:23:26 | 000,000,948 | ---- | M] () -- C:\WINDOWS\QIII.INI

========== Files Created - No Company Name ==========

[2013/03/01 21:18:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/01 21:18:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/01 21:18:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/01 21:18:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/01 21:18:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/26 20:56:26 | 000,000,009 | ---- | C] () -- C:\END
[2013/02/26 20:56:25 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\SecureVirtualDesktop.lnk
[2013/02/26 20:56:25 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\AppRemover.lnk
[2013/02/26 20:56:25 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\MD4SAClnt.lnk
[2013/02/26 19:08:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/02/26 19:08:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/25 15:14:33 | 000,015,773 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\cultipackerplan.gif
[2013/02/25 08:52:50 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Revo Uninstaller.lnk
[2013/02/24 21:56:46 | 000,002,478 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - BleepingComputer.com.url
[2013/02/24 11:44:10 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 17:15:03 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Shortcut to astudio4.exe.lnk
[2013/02/23 17:03:19 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anvil Studio 2012.lnk
[2013/02/23 17:03:19 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Anvil Studio 2012.lnk
[2013/02/23 15:59:52 | 000,003,955 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Speedtest.net - The Global Broadband Speed Test.url
[2013/02/23 07:22:11 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\AT&T Communication Manager.lnk
[2013/02/22 21:16:33 | 000,003,634 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\Novelty Midis.url
[2013/02/20 13:21:22 | 000,000,120 | ---- | C] () -- C:\aaw7boot.cmd
[2013/02/18 14:43:18 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/02/18 14:43:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/02/15 13:43:52 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\RCA easyRip.lnk
[2013/02/15 13:43:52 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FREE AUDIOBOOK.URL
[2013/02/15 13:43:52 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GET FREE MP3s.URL
[2013/02/15 13:43:25 | 000,459,663 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\User Manual English_TH18XXC.pdf
[2013/02/09 16:31:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\housecall.guid.cache
[2013/02/08 11:48:13 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/02/03 15:18:17 | 223,809,133 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_104558_660.mp4
[2013/02/03 15:18:16 | 047,840,257 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_102509_094.mp4
[2013/02/03 15:18:01 | 250,078,030 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_110745_669.mp4
[2013/02/03 14:11:13 | 269,657,031 | ---- | C] () -- C:\Documents and Settings\FREDA\Desktop\VID_20130126_101917_196.mp4
[2013/01/30 20:52:46 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2013/01/30 20:52:46 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2013/01/26 13:24:17 | 000,716,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796266127-4252608427-1798623780-1005-0.dat
[2013/01/26 13:24:17 | 000,346,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/11 12:23:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\rx_image.Cache
[2012/12/18 10:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/12/18 10:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/12/18 10:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/12/18 10:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/12/18 10:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/06/10 11:07:15 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/06/10 11:07:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/06/10 11:07:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2012/04/22 21:54:47 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\FREDA\.recently-used.xbel
[2011/11/06 11:35:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/11/06 11:30:09 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/09/02 20:38:05 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\Pen_Tablet.dat
[2011/09/02 20:35:55 | 000,000,654 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011/03/15 19:11:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/14 11:30:32 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\FREDA\Application Data\ViewerApp.dat
[2010/09/07 10:20:05 | 002,755,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/16 21:02:56 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 08:31:09 | 000,019,461 | ---- | C] () -- C:\Documents and Settings\FREDA\DModem_Trace.trc
[2009/04/07 13:50:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\FREDA\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\SavedSkadoodle 2-by Freda.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\Roy's Toys:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\FREDA\Desktop\DefaultMyDVD9 files:Roxio EMC Stream

< End of report >
I won't do anything to computer or router til I hear from you. Maybe all your cases aren't this crazy.
  • 0

#42
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello chaknik,

I looked back to my router and found the 172.26.38.1 and 172.26.38.2 set as dns servers.


172.26.38.1 is no longer showing in the OTL log, so something must have happened, at least on the computer we are dealing with here. Whether it is gone or just hidden we don't know for sure, but we do seem to be making some progress.

I will give you some instructions now that applied to a router infection we used to see quite a lot but don't see so much now. My thought is that the same procedure may help with this one. You will likely see similar instructions about the router that you are seeing for your other machine with BC. I don't think we are clashing here, but be aware of what you are doing in both places.

Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

Also copy this link for router passwords - see below http://www.phenoelit...rg/dpl/dpl.html

Some things here to know.

Router infections return if the infection is left in either the machine or the router, this applies to all machines connecting through the router.

We need to clean your machine again, off line, so that the router can't re-infect your computer.

Before you use the router again we want to re-set it to its default settings to remove the infection and stop it coming back.

Some routers you can re-set quite easily just by rebooting them; others need a different approach. With your router we tried the rebooting one earlier but it doesn't seem to have helped.

With some types of internet (i.e. DSL connections that use PPPoE in the router), you will need to know the data to re-setup the router itself.

What I am going to do now is give you some instructions that work in most cases.

If however it doesn't work for you, you will lose internet connection and will need to talk to your router provider to ascertain how to re-setup your router.

You have used Malwarebytes before.

If you no longer have Malwarebytes please download from here.

If you have trouble running Malwarebytes, try renaming MBAM.exe to, say, MBAM.com. If you continue having problems running it then come back and tell me.

Next disconnect your system from the internet, and your router, then…

Double-click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now :thumbsup:
  • 0
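A check that fits the router advice in the post above, as an added example that is not part of the original thread: after the router reset, confirm on each machine that it is no longer being handed unexpected DNS servers. The `ipconfig /all` text is constructed, the `EXPECTED` address is a placeholder for whatever your ISP or router documentation specifies, and only IPv4 resolvers are handled.

```python
import re

# Constructed sample of `ipconfig /all` output in the Windows XP layout; the
# DNS addresses are the two reported in this thread.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 172.26.38.1
                                            172.26.38.2
        Lease Obtained. . . . . . . . . . : (omitted)
"""

# Placeholder allowlist (documentation address); replace with the resolvers
# your ISP or router documentation gives.
EXPECTED = {"192.0.2.53"}

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server, ...]} parsed from `ipconfig /all`."""
    servers, adapter, in_dns = {}, None, False
    for raw in ipconfig_text.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t", ""):       # unindented: section header
            adapter, in_dns = line.rstrip(":"), False
        elif line.startswith("DNS Servers"):
            in_dns = True
            value = line.partition(":")[2].strip()
            if IPV4.match(value):
                servers.setdefault(adapter, []).append(value)
        elif in_dns and IPV4.match(line):        # 2nd+ server: no label at all
            servers.setdefault(adapter, []).append(line)
        else:
            in_dns = False                       # any other line ends the block
    return servers


def unexpected_dns(ipconfig_text, expected=EXPECTED):
    """List (adapter, server) pairs whose resolver is not in the allowlist."""
    return [(adapter, s)
            for adapter, found in dns_servers(ipconfig_text).items()
            for s in found if s not in expected]
```

The second and later DNS servers appear on unlabeled continuation lines, which is why a simple search for the "DNS Servers" label misses them. Run the check on every machine behind the router, since the thread notes that any one infected machine can change the router's DNS settings again.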

#43
chaknik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I really am in a tizzy now. Both you and BP are thinking about the router now and this computer has apparently gone back to some of its junk. I just now looked at my router from all three computers, and all had DNS servers of 172.26.38.1/172.26.38.2. I'm thinking I need to back up a bit and maybe restart troubleshooting since quite apparently the router is central to the whole matter. The guy from BP has posted some steps concerning the router which I think I'll pursue. You've been very cooperative and helpful but I'm beginning to have trouble going from one help site to another. I've decided to let BP take charge and approach my issues one at a time. Also, his working hours tend to coincide more with mine. I'm sure you have plenty of people just as eager for your help as I was. I really think this will be more productive for me. Thanks for your help.
  • 0

#44
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

this computer has apparently gone back to some of its junk


Suggests the infection is still there, calling home and bringing down the junk. Very good idea to pursue the router as a possible source. Evidence suggests it is, although the computers will be involved as well.

I've decided to let BP take charge and approach my issues one at a time.


I agree you should deal with one site, in fact, if it weren't that we were dealing with different machines I would have insisted on that approach.

Very best of luck. :)
  • 0

#45
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





