
System restore points infected with Trojan horse Agent4.ASEF [Solved]



#1
speculator

Hello!

This started on Jun 9 when two separate MalwareBytes scans detected and quarantined the following (quoted from MBAM logs):

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Files Detected: 1
C:\Documents and Settings\BillD\Local Settings\Application Data\KB8680612\KB8680612.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

I thought everything was taken care of and tried to do another AVG and MalwareBytes scan from safe mode. But I couldn't boot into safe mode (only saw BSOD). So I downloaded a Kaspersky TDSSKiller utility to remove whatever was preventing safe mode and was able to boot into it again. I scanned in safe mode with Malware Bytes and AVG again. Malware detected nothing. AVG detected Win32/DH{random chars} in ComboFix\catchme.cfexe file and quarantined it.

Again I thought I was in the clear and booted in normal mode. Ran AVG again. This time, multiple system restore points came up as all infected with Trojan horse Agent4.ASEF (example: c:\System Volume Information\_restore{random chars}\RP1789\A0258906.exe). I thought about turning off the restore points to remove them and then turning on system restore to make a clean restore point. However, I am not entirely sure my system is clean of malware or viruses. Maybe you can help me check it before I do that? AVG continues to flag the system restore points as infected via automatic threat detection whenever it does a daily virus scan or my OS tries to create a restore point automatically.

Running Win XP Pro SP3, 2 GB of memory.

OTL and OTL Extras logs are pasted below. Thanks!

-Bill

OTL.txt

OTL logfile created on: 6/14/2013 5:58:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\BillD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.89% Memory free
3.84 Gb Paging File | 2.88 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 56.63 Gb Free Space | 38.02% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 80.32 Gb Free Space | 53.92% Space Free | Partition Type: NTFS

Computer Name: DOWNING1 | User Name: BillD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/14 17:58:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BillD\Desktop\OTL.exe
PRC - [2013/05/10 03:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013/04/05 17:36:22 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/03/27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/02/27 17:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2013/02/08 16:00:28 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\BillD\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/01/20 05:10:04 | 004,373,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2013/01/15 09:15:34 | 000,297,336 | ---- | M] (Abine Inc.) -- C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPService.exe
PRC - [2012/11/22 10:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/11/22 10:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 04:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/05 17:36:29 | 002,243,480 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2013/04/05 17:36:28 | 000,158,104 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/04/05 17:36:27 | 000,022,424 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/01/19 17:19:27 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2013/01/15 09:15:34 | 000,591,736 | ---- | M] () -- C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPContentFilter.dll
MOD - [2013/01/15 09:15:32 | 000,227,704 | ---- | M] () -- C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPButton.dll
MOD - [2009/11/01 15:56:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
MOD - [2009/11/01 15:54:34 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
MOD - [2009/11/01 15:54:23 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2013/04/05 17:36:32 | 000,116,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/03/25 16:37:48 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/02/08 16:00:28 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/22 10:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/03/22 15:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/04/04 13:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2003/04/01 23:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GenericMount.sys -- (GenericMount)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/27 13:31:18 | 000,527,848 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/12/10 04:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/22 10:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/11/08 04:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/02 14:13:12 | 000,987,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/01/02 14:13:12 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/01/02 14:13:12 | 000,268,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2002/11/28 22:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080229
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080229
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080229
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {D55DF8B6-9A7C-4B63-8514-8FC74980AF6E}
IE - HKCU\..\SearchScopes\{CCA816E2-7FEC-4C2F-A529-4DA8A3505ED7}: "URL" = http://search.twitte...q={searchTerms}
IE - HKCU\..\SearchScopes\{D55DF8B6-9A7C-4B63-8514-8FC74980AF6E}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.5
FF - prefs.js..extensions.enabledAddons: {4093c4de-454a-4329-8aff-c6b0b123c386}:0.8.11
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..extensions.enabledAddons: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2222
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2191
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.6
FF - prefs.js..extensions.enabledItems: {4093c4de-454a-4329-8aff-c6b0b123c386}:0.8.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/27 20:27:22 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.100: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/06/09 19:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/15 18:26:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/06 17:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/05/04 22:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/05 17:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/15 18:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/05 17:35:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/02 18:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BillD\Application Data\Mozilla\Extensions
[2010/01/02 18:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BillD\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/05 17:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default\extensions
[2010/01/16 17:10:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/05 17:47:45 | 000,340,272 | ---- | M] () (No name found) -- C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/11/05 17:47:54 | 000,135,517 | ---- | M] () (No name found) -- C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi
[2012/11/06 09:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/15 18:26:19 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012/07/06 17:36:17 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2013/06/09 19:49:41 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/11/05 17:46:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/05 17:46:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/05 17:46:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: about:blank

O1 HOSTS File: ([2013/06/06 20:25:37 | 000,449,398 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15434 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\BillD\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Documents and Settings\BillD\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 88e5fab154e4ec2454ff125d4f4328c8-0cda852e4d3e248de0492b59ef4b210efbf18035 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.c...kFileStatus.CAB (CheckFileStatus.UserControl1)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1238376640625 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase9563.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340560044890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340560032171 (MUWebControl Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://pvt.ckwinfo.n...1/bl_camera.cab (Bl_camera Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.3.16.0.cab (SysInfo Class)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://georges-cam.l...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://proeditseven...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE778DD1-BA24-4954-94BA-287E1F71AE08}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BillD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BillD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/14 17:58:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BillD\Desktop\OTL.exe
[2013/06/14 06:39:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BillD\Recent
[2013/06/14 06:00:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/13 23:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2013/06/13 22:40:58 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\BillD\Desktop\tdsskiller.exe
[2013/06/13 21:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/09 19:49:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/14 17:58:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BillD\Desktop\OTL.exe
[2013/06/14 17:42:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/14 17:42:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/14 16:55:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/14 16:54:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2202438120-3750121234-4095136800-1008.job
[2013/06/14 16:54:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/14 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DOWNING1-BillD.job
[2013/06/14 01:00:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Daily AdAware run).job
[2013/06/13 23:46:20 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\BillD\Desktop\SafeMode Repair.zip
[2013/06/13 23:45:58 | 000,288,654 | ---- | M] ( ) -- C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair.exe
[2013/06/13 23:45:34 | 000,062,894 | ---- | M] ( ) -- C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair-CF.exe
[2013/06/13 22:51:38 | 171,620,224 | ---- | M] () -- C:\Documents and Settings\BillD\My Documents\reg.bkup.reg
[2013/06/13 22:42:43 | 000,006,377 | ---- | M] () -- C:\Documents and Settings\BillD\Desktop\SafeBoot.zip
[2013/06/13 22:41:12 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\BillD\Desktop\tdsskiller.exe
[2013/06/13 21:56:16 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2013/06/13 21:49:17 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2013/06/13 20:37:46 | 123,061,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/06/13 20:36:26 | 000,473,294 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/06/12 16:57:03 | 003,578,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/12 05:58:54 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\BillD\Desktop\Round head jig - Saltwater hook, Unpainted 60 degree - 1oz to 3oz.url
[2013/06/08 16:06:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2202438120-3750121234-4095136800-1008.job
[2013/06/06 20:25:37 | 000,449,398 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/05/24 19:53:51 | 000,448,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130606-202537.backup
[2013/05/20 17:48:33 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2013/05/15 18:26:33 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat X Pro.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/13 23:45:58 | 000,288,654 | ---- | C] ( ) -- C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair.exe
[2013/06/13 23:45:34 | 000,062,894 | ---- | C] ( ) -- C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair-CF.exe
[2013/06/13 23:12:57 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\BillD\Desktop\SafeMode Repair.zip
[2013/06/13 22:51:01 | 171,620,224 | ---- | C] () -- C:\Documents and Settings\BillD\My Documents\reg.bkup.reg
[2013/06/13 22:42:43 | 000,006,377 | ---- | C] () -- C:\Documents and Settings\BillD\Desktop\SafeBoot.zip
[2013/01/23 18:14:20 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\BillD\Local Settings\Application Data\dt.dat
[2012/02/19 10:08:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/31 14:43:11 | 000,001,162 | -HS- | C] () -- C:\Documents and Settings\BillD\Local Settings\Application Data\423po8ntn7
[2011/12/31 14:43:11 | 000,001,162 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\423po8ntn7
[2011/09/26 19:01:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/14 10:32:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868r
[2011/04/14 10:32:03 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868
[2011/04/14 10:14:48 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19586868
[2011/02/23 18:29:05 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\BillD\g2mdlhlpx.exe
[2009/07/19 14:04:04 | 000,008,482 | -H-- | C] () -- C:\Documents and Settings\BillD\DModem_Trace.trc
[2008/11/28 10:14:48 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\BillD\Application Data\maker.ini
[2008/03/13 10:39:18 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\BillD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/22 10:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/10/20 19:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2008/04/18 19:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/11/14 18:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/10/13 09:02:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/14 06:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dJ06511DnNcF06511
[2013/03/09 17:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2008/03/04 21:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2013/06/13 21:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/08/29 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2013/04/10 19:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/04/14 10:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/02/29 01:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/02/29 01:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/02/03 10:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/03/04 21:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2013/06/13 20:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/26 14:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/04/25 21:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/02 14:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2011/02/12 12:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Articulate
[2011/01/30 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Atlassian Evaluation
[2011/10/10 11:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\AVG
[2011/10/10 11:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\AVG2012
[2010/12/25 08:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\avidemux
[2013/06/14 06:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Azureus
[2013/05/04 22:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Check Point Software Technologies LTD
[2012/03/26 21:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\CheckPoint
[2011/03/23 13:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/26 19:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\ElevatedDiagnostics
[2008/09/22 13:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\GetRightToGo
[2008/03/22 09:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\ICAClient
[2008/09/21 17:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\InterTrust
[2009/08/29 16:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\NCH Swift Sound
[2012/04/14 10:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\NetLibCache
[2009/03/05 12:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\OfficeUpdate12
[2008/03/15 16:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\pdf995
[2012/01/07 15:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Quadralay Corporation
[2013/01/19 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\TaxCut
[2010/01/02 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Thunderbird
[2008/06/26 14:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Viewpoint
[2011/02/08 09:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\webex
[2008/12/21 13:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Windows Desktop Search
[2008/12/22 09:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\Windows Search
[2010/04/29 17:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BillD\Application Data\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >


Extras.txt

OTL Extras logfile created on: 6/14/2013 5:58:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\BillD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.89% Memory free
3.84 Gb Paging File | 2.88 Gb Available in Paging File | 74.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 56.63 Gb Free Space | 38.02% Space Free | Partition Type: NTFS
Drive D: | 148.96 Gb Total Space | 80.32 Gb Free Space | 53.92% Space Free | Partition Type: NTFS

Computer Name: DOWNING1 | User Name: BillD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F648B9A-136F-4F8B-9917-81CB95C70210}" = H&R Block Massachusetts 2012
"{150493B7-B59F-C677-F3AD-67C7E97CAAAF}" = Adobe Help Viewer 2
"{15D5B241-07BC-45D2-9D85-4CF906079E16}" = Program Files Professional
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA
"{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help
"{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming
"{32A3A4F4-B792-11D6-A78A-00B0D0160100}" = Java™ SE Development Kit 6 Update 10
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4221094E-82B8-43C4-94F4-A6760FC1842A}" = H&R Block Premium + Efile + State 2011
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4CC91A65-EC7C-4F74-86EB-08D176F889F3}" = TaxCut Massachusetts 2007
"{4CD591C4-ED75-4320-B2D9-93E2A28F915E}" = H&R Block Massachusetts 2009
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams
"{529A52D1-5521-436B-83AB-1322780DCDAD}" = H&R Block Premium + Efile + State 2010
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BCB96FE-1329-4395-9392-525CF6CDC7B3}" = AVG 2012
"{5DA0672F-B0E6-4014-B044-BBAD2906BDC2}" = Release Notes Professional
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0
"{77D7B871-D25E-4EFF-8BE6-FBB11D47AF6E}" = TaxCut Massachusetts 2008
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17A-1854-11D3-8F5D-00C04F8DD7E3}" = Spelling
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{7F9C8D01-5B27-454F-8629-9EDAA1D9A0BC}" = H&R Block Massachusetts 2011
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Premium + Efile + State 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B93677FD-F4C4-4CF9-9D44-B4F2F585D835}" = H&R Block Massachusetts 2010
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help
"{CDC43360-8331-11D3-8831-00500457F9ED}" = Program Files Professional Help
"{CDD652D4-2EAA-4D72-8666-F300802F6B40}" = Shape Explorer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D8CD8BBE-81F6-49CB-84D2-A1E616875792}" = AVG 2012
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Visio 2000
"{E186FE4D-CA34-4CCC-87FD-B803E510001D}" = Eudora
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2B04924-29F3-F49D-71E9-B90EFEDE282C}" = Adobe Community Help
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3D4F451-5F04-4082-BE21-1C0C1ADF5014}" = Vz In Home Agent
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"7-Zip 9.20" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"8461-7759-5462-8226-1" = Vuze
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe FrameMaker 7.1" = Adobe FrameMaker v7.1
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Akamai" = Akamai NetSession Interface Service
"AVG" = AVG 2012
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Belarc Advisor" = Belarc Advisor 7.2
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Citrix ICA Web Client" = Citrix ICA Web Client
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"Confluence Evaluation 3.4.7" = Confluence Evaluation 3.4.7
"File Shredder_is1" = File Shredder 2.5
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"jv16 PowerTools 2008_is1" = jv16 PowerTools 2008
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.6 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"SearchAssist" = SearchAssist
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Sony Digital Voice Editor 3" = Sony Digital Voice Editor 3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2013 7:52:29 PM | Computer Name = DOWNING1 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 6/9/2013 7:52:29 PM | Computer Name = DOWNING1 | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 6/9/2013 7:52:29 PM | Computer Name = DOWNING1 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 6/10/2013 5:56:58 PM | Computer Name = DOWNING1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/10/2013 5:57:05 PM | Computer Name = DOWNING1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/13/2013 8:41:10 PM | Computer Name = DOWNING1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x48544145.

Error - 6/13/2013 8:51:52 PM | Computer Name = DOWNING1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/13/2013 8:51:53 PM | Computer Name = DOWNING1 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 6/13/2013 11:34:29 PM | Computer Name = DOWNING1 | Source = ACW_DE | ID = 2
Description = File could not be found: HTTP Error 404 - File or directory not found.
/acw/ACWRuntime.cab
The URL is invalid

Error - 6/14/2013 6:58:26 AM | Computer Name = DOWNING1 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.75.0.1, faulting module mbamcore.dll,
version 1.70.0.0, fault address 0x00061600.

[ OSession Events ]
Error - 10/18/2012 9:56:18 AM | Computer Name = DOWNING1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 116
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/13/2013 8:58:40 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:40 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:41 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:41 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:41 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:41 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:41 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:42 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:42 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 6/13/2013 8:58:42 PM | Computer Name = DOWNING1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >


#2
emeraldnzl

Hello speculator,

Welcome to Geekstogo.

Firstly, unless you specifically want to keep them, please go to Start > Control Panel > Add or Remove Programs (Programs and Features if you are a Vista user) and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it.

http://www.clickz.com/news/article.php/3561546

Next

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
speculator

Thanks for helping out! I removed Viewpoint Media Player just now. The others weren't listed.

Here are the logs...


FRST.TXT log
*************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2013
Ran by BillD (administrator) on 20-06-2013 17:32:04
Running from C:\Documents and Settings\BillD\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\BillD\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\BillD\Local Settings\Application Data\Akamai\netsession_win.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Abine Inc.) C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe [x]
HKLM\...\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" [738984 2012-11-22] (Check Point Software Technologies)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Documents and Settings\BillD\Local Settings\Application Data\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [ROC_ROC_APR2013_AV] C:\Documents and Settings\BillD\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 88e5fab154e4ec2454ff125d4f4328c8-0cda852e4d3e248de0492b59ef4b210efbf18035 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x]
HKU\Administrator\...\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [ 2007-10-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [ 2007-10-11] (Gteko Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080229
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {CCA816E2-7FEC-4C2F-A529-4DA8A3505ED7} URL = http://search.twitte...q={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU -No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.c...kFileStatus.CAB
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1238376640625
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase9563.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://pvt.ckwinfo.n...1/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.3.16.0.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://georges-cam.l...activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://proeditseven...ent/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2006-08-17] (Qualcomm Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.100 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Documents and Settings\BillD\Application Data\Mozilla\Firefox\Profiles\ybq5mui3.default\Extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi

Chrome:
=======
CHR HomePage: about:blank
CHR RestoreOnStartup: "urls_to_restore_on_startup": [ ]
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 DellAMBrokerService; C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe [76016 2007-10-11] ()
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-22] (NOS Microsystems Ltd.)
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2008-02-29] (Google)
S2 gupdate1c9f2d4c0836096; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-21] (Google Inc.)
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
S4 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-22] (Check Point Software Technologies)
S4 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S2 aawservice; "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R2 datunidr; C:\Windows\System32\DRIVERS\datunidr.sys [5376 2007-08-23] (Gteko Ltd.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [987904 2008-01-02] (Conexant Systems, Inc.)
S3 ICDUSB2; C:\Windows\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-22] (Check Point Software Technologies)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)
S3 PTproct; C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [4736 2006-10-05] (Gteko Ltd.)
R1 Vsdatant; C:\Windows\System32\vsdatant.sys [527848 2013-03-27] (Check Point Software Technologies LTD)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S1 lbrtfdc; No ImagePath
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S0 srescan; system32\ZoneLabs\srescan.sys [x]
U2 V2iMount;
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 17:31 - 2013-06-20 17:31 - 00000000 ____D C:\FRST
2013-06-20 17:06 - 2013-06-20 17:06 - 01368263 ____A (Farbar) C:\Documents and Settings\BillD\Desktop\FRST.exe
2013-06-19 19:16 - 2013-06-19 19:16 - 00000472 ____A C:\Documents and Settings\BillD\Desktop\defogger_disable.log
2013-06-19 19:16 - 2013-06-19 19:16 - 00000000 ____A C:\Documents and Settings\BillD\defogger_reenable
2013-06-19 19:15 - 2013-06-19 19:15 - 00050477 ____A C:\Documents and Settings\BillD\Desktop\Defogger.exe
2013-06-15 17:09 - 2013-06-15 17:09 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-14 18:06 - 2013-06-14 18:06 - 00097654 ____A C:\Documents and Settings\BillD\Desktop\OTL.Txt
2013-06-14 18:06 - 2013-06-14 18:06 - 00064816 ____A C:\Documents and Settings\BillD\Desktop\Extras.Txt
2013-06-14 17:58 - 2013-06-14 17:58 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\BillD\Desktop\OTL.exe
2013-06-14 16:50 - 2013-06-14 16:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2013-06-14 16:48 - 2013-06-14 16:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Search
2013-06-14 09:10 - 2013-06-14 11:45 - 00003452 ____A C:\Documents and Settings\Administrator\Desktop\avgrep.txt
2013-06-14 09:08 - 2013-06-14 09:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
2013-06-14 09:08 - 2013-06-14 09:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Thunderbird
2013-06-14 09:08 - 2013-06-14 09:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-14 06:44 - 2013-06-14 06:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-14 06:09 - 2013-06-14 06:09 - 00027880 ____A C:\SAFEBOOT_REPAIR.TXT
2013-06-14 06:00 - 2013-06-14 06:27 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-13 23:45 - 2013-06-13 23:45 - 00288654 ____A ( ) C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair.exe
2013-06-13 23:45 - 2013-06-13 23:45 - 00062894 ____A ( ) C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair-CF.exe
2013-06-13 23:34 - 2013-06-13 23:34 - 00000000 ____D C:\Program Files\ACW
2013-06-13 23:12 - 2013-06-13 23:46 - 00001595 ____A C:\Documents and Settings\BillD\Desktop\SafeMode Repair.zip
2013-06-13 22:51 - 2013-06-13 22:51 - 171620224 ____A C:\Documents and Settings\BillD\My Documents\reg.bkup.reg
2013-06-13 22:42 - 2013-06-13 22:42 - 00006377 ____A C:\Documents and Settings\BillD\Desktop\SafeBoot.zip
2013-06-13 22:40 - 2013-06-13 22:41 - 02240864 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\BillD\Desktop\tdsskiller.exe
2013-06-11 17:24 - 2013-06-11 17:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-11 17:23 - 2013-06-11 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-11 17:23 - 2013-06-11 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-06 20:25 - 2013-05-24 19:53 - 00448630 ___RA C:\Windows\System32\Drivers\etc\hosts.20130606-202537.backup
2013-05-24 19:53 - 2013-05-04 09:33 - 00447672 ___RA C:\Windows\System32\Drivers\etc\hosts.20130524-195351.backup

==================== One Month Modified Files and Folders ========

2013-06-20 17:31 - 2013-06-20 17:31 - 00000000 ____D C:\FRST
2013-06-20 17:09 - 2012-01-04 16:53 - 01267661 ____A C:\Windows\WindowsUpdate.log
2013-06-20 17:06 - 2013-06-20 17:06 - 01368263 ____A (Farbar) C:\Documents and Settings\BillD\Desktop\FRST.exe
2013-06-20 17:04 - 2008-06-26 14:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Viewpoint
2013-06-20 16:57 - 2009-08-29 16:48 - 00000000 ____D C:\MDT
2013-06-20 16:57 - 2004-08-11 18:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-06-20 16:56 - 2011-01-10 17:07 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-06-20 16:56 - 2010-03-27 16:03 - 00000278 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2202438120-3750121234-4095136800-1008.job
2013-06-20 16:56 - 2009-07-27 20:14 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 16:56 - 2004-08-11 18:20 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 16:55 - 2008-03-04 18:17 - 00000062 __ASH C:\Documents and Settings\BillD\Local Settings\desktop.ini
2013-06-20 16:55 - 2004-08-11 18:20 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-20 16:55 - 2004-08-11 18:20 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-20 07:07 - 2008-05-03 10:33 - 00032612 ____A C:\Windows\SchedLgU.Txt
2013-06-20 07:07 - 2008-03-04 18:17 - 00000178 ___SH C:\Documents and Settings\BillD\ntuser.ini
2013-06-20 06:42 - 2009-07-27 20:14 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 02:00 - 2011-01-11 11:02 - 00000342 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-DOWNING1-BillD.job
2013-06-20 01:00 - 2010-07-18 15:00 - 00000468 ____A C:\Windows\Tasks\Ad-Aware Scan (Daily AdAware run).job
2013-06-19 20:21 - 2008-04-18 19:52 - 00000000 ____D C:\Documents and Settings\BillD\Application Data\Azureus
2013-06-19 19:25 - 2010-10-13 09:01 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-19 19:20 - 2008-06-29 09:22 - 00000000 ____D C:\Documents and Settings\BillD\Application Data\Media Player Classic
2013-06-19 19:20 - 2008-03-04 22:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-06-19 19:20 - 2008-03-04 21:49 - 00000000 __SHD C:\Documents and Settings\BillD\UserData
2013-06-19 19:16 - 2013-06-19 19:16 - 00000472 ____A C:\Documents and Settings\BillD\Desktop\defogger_disable.log
2013-06-19 19:16 - 2013-06-19 19:16 - 00000000 ____A C:\Documents and Settings\BillD\defogger_reenable
2013-06-19 19:15 - 2013-06-19 19:15 - 00050477 ____A C:\Documents and Settings\BillD\Desktop\Defogger.exe
2013-06-19 18:58 - 2011-10-15 08:31 - 00000000 ____D C:\Program Files\MALWAREBYTES ANTI-MALWARE
2013-06-19 18:57 - 2008-03-04 22:10 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-06-19 18:41 - 2013-05-04 22:58 - 00000000 ____D C:\Documents and Settings\BillD\Local Settings\Application Data\DoNotTrackPlus
2013-06-18 17:00 - 2012-04-01 21:08 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-18 17:00 - 2011-05-20 18:26 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-18 16:49 - 2012-11-05 17:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-17 17:05 - 2008-08-20 09:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-17 17:04 - 2010-03-29 18:10 - 00000724 ____A C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-06-15 17:09 - 2013-06-15 17:09 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-15 16:51 - 2011-11-14 18:10 - 00417564 ____A C:\Windows\System32\vsconfig.xml
2013-06-15 01:44 - 2008-03-11 09:46 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-14 19:37 - 2004-08-11 18:02 - 00000000 ____D C:\Windows\repair
2013-06-14 19:36 - 2004-08-11 18:11 - 00000000 ____D C:\Windows\Registration
2013-06-14 18:06 - 2013-06-14 18:06 - 00097654 ____A C:\Documents and Settings\BillD\Desktop\OTL.Txt
2013-06-14 18:06 - 2013-06-14 18:06 - 00064816 ____A C:\Documents and Settings\BillD\Desktop\Extras.Txt
2013-06-14 17:58 - 2013-06-14 17:58 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\BillD\Desktop\OTL.exe
2013-06-14 16:53 - 2004-08-11 18:20 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-14 16:50 - 2013-06-14 16:50 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2013-06-14 16:48 - 2013-06-14 16:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Search
2013-06-14 11:45 - 2013-06-14 09:10 - 00003452 ____A C:\Documents and Settings\Administrator\Desktop\avgrep.txt
2013-06-14 09:18 - 2008-03-04 20:24 - 00000000 ____D C:\ComboFix
2013-06-14 09:08 - 2013-06-14 09:08 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
2013-06-14 09:08 - 2013-06-14 09:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Thunderbird
2013-06-14 09:08 - 2013-06-14 09:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-14 06:44 - 2013-06-14 06:44 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-06-14 06:43 - 2004-08-11 18:20 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-14 06:27 - 2013-06-14 06:00 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-14 06:09 - 2013-06-14 06:09 - 00027880 ____A C:\SAFEBOOT_REPAIR.TXT
2013-06-13 23:46 - 2013-06-13 23:12 - 00001595 ____A C:\Documents and Settings\BillD\Desktop\SafeMode Repair.zip
2013-06-13 23:45 - 2013-06-13 23:45 - 00288654 ____A ( ) C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair.exe
2013-06-13 23:45 - 2013-06-13 23:45 - 00062894 ____A ( ) C:\Documents and Settings\BillD\Desktop\SafeBootKeyRepair-CF.exe
2013-06-13 23:34 - 2013-06-13 23:34 - 00000000 ____D C:\Program Files\ACW
2013-06-13 23:20 - 2004-08-11 18:02 - 00000000 ____D C:\Windows\Help
2013-06-13 22:51 - 2013-06-13 22:51 - 171620224 ____A C:\Documents and Settings\BillD\My Documents\reg.bkup.reg
2013-06-13 22:42 - 2013-06-13 22:42 - 00006377 ____A C:\Documents and Settings\BillD\Desktop\SafeBoot.zip
2013-06-13 22:41 - 2013-06-13 22:40 - 02240864 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\BillD\Desktop\tdsskiller.exe
2013-06-13 21:56 - 2011-10-10 11:40 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
2013-06-13 21:56 - 2010-10-13 07:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-13 21:49 - 2004-08-11 18:00 - 00000245 _RASH C:\boot.ini
2013-06-12 16:57 - 2004-08-11 18:06 - 03578136 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-12 05:58 - 2011-07-16 12:19 - 00000338 ____A C:\Documents and Settings\BillD\Desktop\Round head jig - Saltwater hook, Unpainted 60 degree - 1oz to 3oz.url
2013-06-11 20:17 - 2008-03-04 20:32 - 00000000 ____D C:\RESUME
2013-06-11 17:24 - 2013-06-11 17:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-11 17:23 - 2013-06-11 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-11 17:23 - 2013-06-11 17:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-11 17:23 - 2009-06-20 17:42 - 00000000 ____D C:\Windows\ie8updates
2013-06-11 17:23 - 2008-02-29 01:07 - 00000000 ___HD C:\Windows\$hf_mig$
2013-06-09 19:21 - 2004-08-11 18:02 - 00000000 ____D C:\Windows\Resources
2013-06-08 16:06 - 2010-03-27 16:03 - 00000286 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2202438120-3750121234-4095136800-1008.job
2013-06-02 17:21 - 2008-03-06 20:18 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-24 19:53 - 2013-06-06 20:25 - 00448630 ___RA C:\Windows\System32\Drivers\etc\hosts.20130606-202537.backup

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




ADDITION.TXT Log
*****************

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2013
Ran by BillD at 2013-06-20 17:32:33 Run:
Running from C:\Documents and Settings\BillD\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20
Add-ons (Version: 1.0.0.0)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.7)
Adobe AIR (Version: 2.6.0.19120)
Adobe Community Help (Version: 3.4.973)
Adobe Download Manager (Version: 1.6.2.100)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe FrameMaker v7.1 (Version: 7.1)
Adobe Help Viewer 2 (Version: 2.0.25)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe SVG Viewer 3.0 (Version: 3.0)
Advanced Network Diagramming (Version: 1.0.0.0)
Advanced Network Diagramming Help (Version: 1.0.0.0)
Akamai NetSession Interface Service
Apple Software Update (Version: 2.1.1.116)
AutoUpdate (Version: 1.1)
AVG 2012 (Version: 12.0.3199)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
AVG PC Tuneup 2011 (Version: 10.0.0.26)
AXIS Media Control Embedded
Belarc Advisor 7.2
Bing Maps 3D (Version: 4.0.903.16005)
Block Diagrams (Version: 6.0.0001)
Block Diagrams Help (Version: 6.0.0001)
Borders and Backgrounds (Version: 6.0.0001)
Borders and Backgrounds Help (Version: 6.0.0001)
Browser Address Error Redirector (Version: 1.00.0000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
CAD Drawing Display (Version: 6.0.0001)
Callouts and Connectors (Version: 6.0.0001)
Callouts and Connectors Help (Version: 6.0.0001)
CCleaner (Version: 3.25)
Citrix ICA Web Client
Clip Art and Symbols (Version: 6.0.0001)
Clip Art and Symbols Help (Version: 6.0.0001)
Conexant D850 PCI V.92 Modem
Confluence Evaluation 3.4.7
Custom Properties Editor (Version: 6.0.0001)
Database Design (Version: 1.0.0.0)
Database Design Help (Version: 1.0.0.0)
Database Wizard (Version: 6.0.0001)
DeductionPro 2008 (Version: 16.04)
DeductionPro 2009 (Version: 17.04)
Dell Automated PC TuneUp (Version: 1.0.3085)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Network Assistant (Version: 3.0.0.0)
Dell Support Center (Support Software) (Version: 2.2.09085)
Developing Visio Solutions Help (Version: 6.0.0001)
Digital Line Detect (Version: 1.18)
Directory Services (Version: 1.0.0.0)
Directory Services Help (Version: 1.0.0.0)
DivX Codec (Version: 6.8.2)
Eudora (Version: 7.0)
File Shredder 2.5
Flowcharts (Version: 6.0.0001)
Flowcharts Help (Version: 6.0.0001)
Forms and Charts (Version: 6.0.0001)
Forms and Charts Help (Version: 6.0.0001)
Free RAR Extract Frog (Version: 1.80)
Google Desktop (Version: -)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 4.5.0.457
Graphics Filters (Version: 1.0.0.0)
H&R Block Massachusetts 2009 (Version: 1.09.2801)
H&R Block Massachusetts 2010 (Version: 1.10.2301)
H&R Block Massachusetts 2011 (Version: 1.11.2801)
H&R Block Massachusetts 2012 (Version: 1.12.2601)
H&R Block Premium + Efile + State 2009 (Version: 09.06.6501)
H&R Block Premium + Efile + State 2010 (Version: 10.06.6402)
H&R Block Premium + Efile + State 2011 (Version: 11.07.7102)
H&R Block Premium + Efile + State 2012 (Version: 12.07.7803)
Help for Visio 2000 (HTML Help) (Version: 6.0.0.1)
HTML Help Workshop
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.8.0 (Version: )
Internet Diagrams (Version: 1.0.0.0)
Internet Diagrams Help (Version: 1.0.0.0)
Java 7 Update 13 (Version: 7.0.130)
Java DB 10.4.2.1 (Version: 10.4.2.1)
Java™ 6 Update 18 (Version: 6.0.180)
Java™ SE Development Kit 6 Update 10 (Version: 1.6.0.100)
Java™ SE Development Kit 6 Update 16 (Version: 1.6.0.160)
jv16 PowerTools 2008
K-Lite Codec Pack 6.6.6 (Full) (Version: 6.6.6)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Maps (Version: 6.0.0001)
Maps Help (Version: 6.0.0001)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 Trial (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual Studio Service Pack 3 (Version: 6.0.0.2)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Modem Diagnostics Tool (Version: 1.0.23.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 en-US) (Version: 17.0.6)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
NetWaiting (Version: 2.5.47)
Network Diagrams (Version: 6.0.0001)
Network Diagrams Help (Version: 6.0.0001)
Octoshape add-in for Adobe Flash Player
Office Layout (Version: 6.0.0001)
Office Layout Help (Version: 6.0.0001)
Organization Charts (Version: 6.0.0001)
Organization Charts Help (Version: 6.0.0001)
Page Layout Wizard (Version: 6.0.0001)
Pdf995
PowerDVD (Version: 7.0)
Program Files (Version: 06.00.0002)
Program Files Help (Version: 6.0.0001)
Program Files Professional (Version: 1.0.0.0)
Program Files Professional Help (Version: 1.0.0.0)
Project Schedules (Version: 6.0.0001)
Project Schedules Help (Version: 6.0.0001)
Property Reporting Wizard (Version: 6.0.0001)
QuickTime (Version: 7.55.90.70)
Realtek High Definition Audio Driver
Release Notes (Version: 6.0.0001)
Release Notes Professional (Version: 1.0.0.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio Update Manager (Version: 3.0.0)
Save as HTML (Version: 6.0.0001)
SearchAssist
Shape Explorer (Version: 6.0.0001)
Shape Explorer Help (Version: 6.0.0001)
SnagIt 8 (Version: 8.2.3)
Software Design (Version: 1.0.0.0)
Software Design Help (Version: 1.0.0.0)
Solutions (Version: 1.0.0.0)
Sonic Activation Module (Version: 1.0)
Sony Digital Voice Editor 3
Spelling (Version: 6.0.0001)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 5.0 (Version: 5.0.0)
Subtitle Workshop 2.51
Switch Sound File Converter
System Requirements Lab
System Requirements Lab for Intel (Version: 4.3.16.0)
TaxCut Massachusetts 2007 (Version: 1.07.4901)
TaxCut Massachusetts 2008 (Version: 1.08.4601)
TaxCut Premium + State + Efile 2007 (Version: 07.05.0000)
TaxCut Premium + State + Efile 2008 (Version: 08.07.6801)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Script Editor Help (KB957253)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VBA (Version: 6.01.00.1234)
VC 9.0 Runtime (Version: 1.0.0)
Visio (Version: 1.0.0.1)
Visio 2000 (Version: 6.0.0.3)
Visio Core Files (Version: 06.00.0001)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Vuze
Vuze (Version: 5.0.0.0)
Vz In Home Agent (Version: 7.03.31)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
YouSendIt Express (Version: 2.6.0)
ZoneAlarm Firewall (Version: 11.0.000.038)
ZoneAlarm Firewall (Version: 11.0.000.504)
ZoneAlarm Free Firewall (Version: 11.0.000.504)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (Version: 11.0.000.038)
ZoneAlarm Security (Version: 11.0.000.504)
ZoneAlarm Security Toolbar (Version: 1.8.11.11)

==================== Restore Points =========================

23-03-2013 16:01:37 System Checkpoint
24-03-2013 22:28:56 System Checkpoint
25-03-2013 22:41:03 System Checkpoint
26-03-2013 23:20:36 System Checkpoint
28-03-2013 00:09:01 System Checkpoint
29-03-2013 10:02:57 System Checkpoint
30-03-2013 22:37:21 System Checkpoint
31-03-2013 22:38:50 System Checkpoint
01-04-2013 22:59:11 System Checkpoint
03-04-2013 21:43:42 System Checkpoint
04-04-2013 23:26:28 System Checkpoint
06-04-2013 00:02:43 System Checkpoint
07-04-2013 22:30:56 System Checkpoint
08-04-2013 23:00:41 System Checkpoint
10-04-2013 10:51:13 System Checkpoint
12-04-2013 22:24:17 System Checkpoint
13-04-2013 22:45:09 System Checkpoint
14-04-2013 12:32:27 Software Distribution Service 3.0
15-04-2013 22:13:01 System Checkpoint
18-04-2013 00:05:20 System Checkpoint
20-04-2013 19:28:20 System Checkpoint
21-04-2013 22:42:14 System Checkpoint
23-04-2013 22:13:46 System Checkpoint
24-04-2013 22:27:53 System Checkpoint
26-04-2013 21:49:30 System Checkpoint
27-04-2013 21:59:19 System Checkpoint
29-04-2013 22:17:39 System Checkpoint
30-04-2013 22:25:34 System Checkpoint
01-05-2013 22:37:41 System Checkpoint
03-05-2013 22:03:59 System Checkpoint
05-05-2013 03:27:03 System Checkpoint
06-05-2013 23:53:49 System Checkpoint
08-05-2013 10:33:54 System Checkpoint
10-05-2013 22:41:45 System Checkpoint
12-05-2013 00:02:48 System Checkpoint
13-05-2013 00:23:47 System Checkpoint
14-05-2013 22:21:31 System Checkpoint
16-05-2013 22:51:07 System Checkpoint
18-05-2013 00:16:33 System Checkpoint
20-05-2013 10:22:44 System Checkpoint
21-05-2013 22:17:23 System Checkpoint
22-05-2013 22:27:12 System Checkpoint
23-05-2013 22:49:09 System Checkpoint
25-05-2013 00:23:20 System Checkpoint
26-05-2013 22:11:29 System Checkpoint
27-05-2013 22:32:09 System Checkpoint
29-05-2013 00:27:41 System Checkpoint
30-05-2013 10:31:49 System Checkpoint
31-05-2013 21:20:13 System Checkpoint
01-06-2013 21:23:42 System Checkpoint
03-06-2013 10:22:30 System Checkpoint
04-06-2013 22:20:11 System Checkpoint
05-06-2013 22:42:02 System Checkpoint
06-06-2013 22:44:20 System Checkpoint
07-06-2013 22:54:18 System Checkpoint
08-06-2013 23:42:43 System Checkpoint
09-06-2013 23:48:50 Restore Operation
11-06-2013 00:12:35 System Checkpoint
11-06-2013 21:22:21 Software Distribution Service 3.0
12-06-2013 22:20:55 System Checkpoint
13-06-2013 22:47:50 System Checkpoint
14-06-2013 03:38:17 regbackup
14-06-2013 10:23:29 restoreptnext
15-06-2013 22:17:16 System Checkpoint
17-06-2013 22:08:34 System Checkpoint
19-06-2013 22:28:23 System Checkpoint

==================== Hosts content: ==========================




127.0.0.1 localhost

There are 1000 more lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 04:56:53 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (06/20/2013 04:56:52 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The server name or address could not be resolved

Error: (06/15/2013 08:50:31 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/14/2013 06:58:26 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.75.0.1, faulting module mbamcore.dll, version 1.70.0.0, fault address 0x00061600.
Processing media-specific event for [mbam.exe!ws!]

Error: (06/13/2013 11:34:29 PM) (Source: ACW_DE) (User: )
Description: File could not be found: HTTP Error 404 - File or directory not found.
/acw/ACWRuntime.cab The URL is invalid

Error: (06/13/2013 08:51:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/13/2013 08:51:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/13/2013 08:41:10 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x48544145.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/10/2013 05:57:05 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (06/10/2013 05:56:58 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\BILLD\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (06/20/2013 05:32:00 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:59 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:51 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:51 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:34 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:19 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:18 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:18 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:18 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Error: (06/20/2013 05:31:18 PM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (10/18/2012 09:56:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 116 seconds with 60 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 2037.1 MB
Available physical RAM: 1067.19 MB
Total Pagefile: 3929.26 MB
Available Pagefile: 2877.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.96 GB) (Free:54.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:148.96 GB) (Free:80.32 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: C3B3F234)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again speculator,

Nothing really serious leaping out at me.

Just a bit of cleaning up to do and a check to see that we are not missing anything.

Now

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Finally in this post

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
When you return please post
  • JRT.txt
  • OTL.txt
  • ESET scan results
  • and tell me how your computer is

#5
speculator

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hello again. I ran what you requested and posted the results below. One thing I noticed was that OTL didn't produce a log called OTL. Instead the log was named 06202013_192440.log, so I posted that below. I did look on the desktop where OTL is installed and noticed an older version of OTL.log dated 6-14-2013 which is what I posted when I first started this topic. It's possible OTL just didn't overwrite it with the new log?

So far the computer seems fine on normal reboot and activities. I want to try safe boot again, plus another Malwarebytes and AVG scan but those have been coming up clean for the past 4-5 days so it would be a surprise if they didn't this time.

Logs below...


JRT
****

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by BillD on Thu 06/20/2013 at 19:16:29.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/20/2013 at 19:20:00.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Log Produced by OTL
*******************


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
File move failed. C:\Program Files\Dell\BAE\BAE.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\DA0BF7AB88EB46758FA1531EAD938821.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\DA0BF7AB88EB46758FA1531EAD938821.TMP\WiseCustomCalla2.dll deleted successfully.
C:\WINDOWS\DA0BF7AB88EB46758FA1531EAD938821.TMP folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\BillD\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\BillD\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 458556 bytes
->Temporary Internet Files folder emptied: 441232 bytes

User: All Users

User: BillD
->Temp folder emptied: 4920239 bytes
->Temporary Internet Files folder emptied: 9547584 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50338941 bytes
->Google Chrome cache emptied: 9447403 bytes
->Flash cache emptied: 1219 bytes

User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56549 bytes

User: LocalService
->Temp folder emptied: 2046376 bytes
->Temporary Internet Files folder emptied: 183937 bytes

User: NetworkService
->Temp folder emptied: 1980600 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1510469 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 188535701 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 257.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06202013_192440

Files\Folders moved on Reboot...
C:\Program Files\Dell\BAE\BAE.dll moved successfully.
C:\Documents and Settings\BillD\Local Settings\Temporary Internet Files\Content.IE5\B1BVPPZ8\330937-system-restore-points-infected-with-trojan-horse-agent4asef[1].txt moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_580.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ESET Log
********

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c018010ff4ae494ca93a4abe6af64a85
# engine=14121
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-21 05:05:13
# local_time=2013-06-21 01:05:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1034 16777213 100 81 0 60511923 0 0
# compatibility_mode=9217 16777214 75 4 3146912 3146912 0 0
# scanned=328076
# found=10
# cleaned=10
# scan_time=19244
sh=6BF8E85305FA8E3B5A4A8F0B177B9014322048A7 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NFX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\BillD\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\18\174fc9d2-39435dcc"
sh=3A692138019CD3B1E905B993B7F2D157C955D793 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\BillD\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\43\7091c3eb-172c6add"
sh=34223D849151B692DDFDA5652A10E0A9CCA61D12 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NFX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\BillD\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45\1dae19ed-342bf90a"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
sh=7CA09242430C959896DAEA8D1B9015A9B6C9EBDC ft=1 fh=5996fef7aabe382c vn="a variant of Win32/InstallIQ.A application (cleaned by deleting - quarantined)" ac=C fn="C:\wow4\7zipap_718.exe"
sh=A556042BFC4B809870F56A7036234EEDD9DCAECA ft=1 fh=8132dcbcb06ed050 vn="a variant of Win32/Bundled.Toolbar.Ask.A application (cleaned by deleting - quarantined)" ac=C fn="C:\wow4\InstallFreeRARExtractFrog.exe"
sh=A77DAB0CC1A063A0AC9B44E94E12FA6598810723 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle application (deleted - quarantined)" ac=C fn="D:\Program Files\Vuze\bunndle.zip"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="D:\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
sh=7CA09242430C959896DAEA8D1B9015A9B6C9EBDC ft=1 fh=5996fef7aabe382c vn="a variant of Win32/InstallIQ.A application (cleaned by deleting - quarantined)" ac=C fn="D:\wow4\7zipap_718.exe"
sh=A556042BFC4B809870F56A7036234EEDD9DCAECA ft=1 fh=8132dcbcb06ed050 vn="a variant of Win32/Bundled.Toolbar.Ask.A application (cleaned by deleting - quarantined)" ac=C fn="D:\wow4\InstallFreeRARExtractFrog.exe"

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello speculator,

One thing I noticed was that OTL didn't produce a log called OTL. Instead the log was named 06202013_192440.log, so I posted that below.


Happens sometimes. Not sure why.

So far the computer seems fine on normal reboot and activities.


Your machine looks pretty good to me. I think you are good to go. I will leave the topic open for a day or two in case any issues arise.

Meantime we have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
-----------------------------------------------------------------------------------------------------------------------



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline


Have a safe and happy computing day!
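
The ESET log in post #5 ties in with the Java warning above: every exploit detection sits in the Java deployment cache, while the other hits are bundled installers, most of them present on both C: and D:. The Python below is an added example (not part of the thread or of any ESET tool) that parses those detection lines for triage. The field meanings (sh as a SHA-1, vn as detection name plus action, fn as path) and the rule that a name ending in "application" marks a potentially unwanted program are assumptions inferred from the log itself.

```python
import re

# Two header lines and four of the ten detection lines, copied from the
# ESET log in post #5.
SAMPLE_LOG = r'''
# scanned=328076
# found=10
sh=6BF8E85305FA8E3B5A4A8F0B177B9014322048A7 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NFX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\BillD\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\18\174fc9d2-39435dcc"
sh=3A692138019CD3B1E905B993B7F2D157C955D793 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\BillD\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\43\7091c3eb-172c6add"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="D:\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: vn has the shape "<detection name> (<action taken>)".
VN_RE = re.compile(r'^(?P<name>.*?)\s*\((?P<action>[^()]*)\)$')
# Folder where the Java plug-in caches downloaded applets (seen in the log).
JAVA_CACHE = r"\sun\java\deployment\cache"


def parse_detection(line):
    """Return a record for one 'sh=... vn=... fn=...' line, else None."""
    line = line.strip()
    if not line.startswith("sh="):
        return None  # header ("# key=value") or unrelated line
    fields = {k: (q if q else b) for k, q, b in FIELD_RE.findall(line)}
    if not {"sh", "vn", "fn"} <= fields.keys():
        return None  # truncated or malformed line
    m = VN_RE.match(fields["vn"])
    name = m.group("name") if m else fields["vn"]
    return {
        "sha1": fields["sh"].upper(),
        "name": name,
        "action": m.group("action") if m else "",
        "path": fields["fn"],
        # Assumption: the "application" suffix marks a potentially unwanted
        # program; everything else is treated as malware.
        "kind": "pua" if name.lower().endswith(" application") else "malware",
        "in_java_cache": JAVA_CACHE in fields["fn"].lower(),
    }


def parse_log(text):
    """Parse every detection line in a log, skipping headers and blanks."""
    return [r for r in map(parse_detection, text.splitlines()) if r]


def group_by_hash(records):
    """Collapse copies of the same file (same SHA-1) found in several places."""
    groups = {}
    for r in records:
        g = groups.setdefault(
            r["sha1"], {"name": r["name"], "kind": r["kind"], "paths": []})
        g["paths"].append(r["path"])
    return groups


def java_cache_hits(records):
    """Detections inside the Java deployment cache (cached applet content)."""
    return [r for r in records if r["in_java_cache"]]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for sha1, g in group_by_hash(recs).items():
        print(f'{g["kind"]:8} {sha1} x{len(g["paths"])}  {g["name"]}')
    print("Java cache detections:", len(java_cache_hits(recs)))
```

Grouping by hash shows when one file accounts for several detections, and the Java cache count separates browser-delivered exploit content from bundled installer components.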

#7
speculator

    New Member

  • Topic Starter
  • Member
  • 5 posts
OK, ran OTL cleanup, then reset and re-enabled the restore points.

So far, everything seems A-OK. :thumbsup:

Thanks so much for all your help checking the system out. If anything changes in the next 2 days, I'll post here, but I think things are shipshape.

Best wishes,

-speculator

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
You are very welcome :happy:

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.