Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FBI Moneypak and Subsequent Google Redirect [Solved]

Started by Bruce8055 , Aug 06 2013 05:27 PM

  • This topic is locked This topic is locked

#1
Bruce8055
Posted 06 August 2013 - 05:27 PM

Bruce8055

    Member

  • Member
  • PipPip
  • 21 posts
My computer has been slow lately and I thought it was probably time to take a look at it. However, yesterday my daughter asked me to come look at the computer and the FBI Moneypak scam was on the screen. I rebooted and ran a scan with AVG 2013 and it found one infection. I can't recall its name. I then rebooted into safe mode and ran a scan with AVG 2013 again and nothing was found. I haven't had the Moneypak virus pop up again but I now have a Google Redirect virus of some kind. The OTL scan is below. I look forward to your help. Bruce

OTL logfile created on: 8/6/2013 6:04:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruce\Music\Amazon MP3\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 40.89% Memory free
6.09 Gb Paging File | 4.43 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.20 Gb Total Space | 194.88 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/06 18:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Music\Amazon MP3\Desktop\OTL.exe
PRC - [2013/07/29 14:27:32 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/07/29 14:27:32 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/07/29 14:27:32 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/27 17:38:45 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\nexdef.exe
PRC - [2011/06/01 15:38:40 | 000,868,864 | ---- | M] (Audiovox Accessories Corp.) -- C:\Users\Bruce\Documents\RCA Detective\RCADetective.exe
PRC - [2010/09/14 20:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 16:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2006/11/02 04:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
PRC - [2002/07/17 11:00:00 | 000,200,767 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/04 13:12:22 | 000,406,016 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Conduit\Adobe\kmliilcokn.dll
MOD - [2013/07/29 14:27:33 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/07/29 14:27:33 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/07/29 14:27:32 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/07/29 14:27:32 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/07/29 14:27:33 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/06/13 16:34:06 | 000,452,120 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2001/09/13 12:02:38 | 000,019,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2001/09/13 12:02:36 | 000,010,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2001/09/13 12:02:34 | 000,039,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2001/09/13 12:02:34 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{1E344E5C-EE59-4B93-9E69-677EF1EFF9A4}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6D3885A7-C9AB-4FDA-A7B2-87112F664825}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2611275

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {1E344E5C-EE59-4B93-9E69-677EF1EFF9A4}
IE - HKCU\..\SearchScopes\{1E344E5C-EE59-4B93-9E69-677EF1EFF9A4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6D3885A7-C9AB-4FDA-A7B2-87112F664825}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-12-14 17:46:31&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/06/07 19:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Adobe] C:\Users\Bruce\AppData\Local\Conduit\Adobe\kmliilcokn.dll ()
O4 - HKCU..\Run: [Easy Dock] File not found
O4 - HKCU..\Run: [iWin Update] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Bruce\AppData\Local\Autobahn\nexdef.exe ()
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Bruce\Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://www.partserve...3d/cnsweb3d.cab (Cnsweb3d Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06EE0428-32E6-419F-AE24-C23504017F8B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/06 18:02:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Music\Amazon MP3\Desktop\OTL.exe
[2013/08/05 18:01:47 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\a469e699-64a9-40e7-9471-53f0beca95a8ad
[2013/08/04 13:12:25 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\iWin
[2013/07/30 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/10 01:32:40 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/06 18:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Music\Amazon MP3\Desktop\OTL.exe
[2013/08/06 17:59:59 | 000,000,324 | -H-- | M] () -- C:\Windows\tasks\{15C9CA3E-9638-4596-A6E5-B38A60256B9F}.job
[2013/08/06 17:38:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/06 16:56:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 16:56:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 14:06:23 | 000,002,234 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2013/08/05 21:29:12 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/08/05 21:27:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/08/05 21:27:08 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 18:07:53 | 000,000,004 | ---- | M] () -- C:\Users\Bruce\AppData\Roaming\skype.ini
[2013/07/31 21:34:51 | 016,846,848 | ---- | M] () -- C:\Users\Bruce\Documents\My Money.mny
[2013/07/31 21:34:50 | 016,753,016 | R--- | M] () -- C:\Users\Bruce\Documents\My Money Backup.mbf
[2013/07/30 11:31:41 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/29 19:04:12 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/29 19:04:12 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/29 14:27:33 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/10 03:47:27 | 000,390,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/05 21:27:08 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/05 18:01:49 | 000,000,324 | -H-- | C] () -- C:\Windows\tasks\{15C9CA3E-9638-4596-A6E5-B38A60256B9F}.job
[2013/08/05 18:01:43 | 000,000,004 | ---- | C] () -- C:\Users\Bruce\AppData\Roaming\skype.ini
[2013/05/29 11:05:32 | 000,001,222 | -HS- | C] () -- C:\Users\Bruce\AppData\Local\6o4v7yr6ikfw18072u
[2013/05/29 11:05:32 | 000,001,222 | -HS- | C] () -- C:\ProgramData\6o4v7yr6ikfw18072u
[2012/08/05 11:48:50 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/07/09 21:27:38 | 000,005,414 | ---- | C] () -- C:\Users\Bruce\AppData\Roaming\wklnhst.dat
[2010/06/11 00:59:04 | 000,006,656 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 20:06:30 | 000,007,052 | ---- | C] () -- C:\Users\Bruce\AppData\Local\d3d9caps.dat
[2009/02/27 00:49:36 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/15 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Amazon
[2012/12/14 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\AVG2013
[2009/09/24 22:17:52 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\CadSoft
[2011/06/29 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Canon
[2012/06/07 19:43:19 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\CheckPoint
[2009/05/10 22:01:47 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/20 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\funkitron
[2010/12/21 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Gamelab
[2012/08/19 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\IrfanView
[2011/03/06 19:40:55 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\iWin
[2011/03/06 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Ludia
[2010/05/03 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Microchip
[2011/04/03 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PlayFirst
[2011/04/29 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\SPORE Creature Creator
[2011/07/09 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Template
[2012/12/14 18:46:54 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Bruce8055
Posted 06 August 2013 - 05:48 PM

Bruce8055

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I also just realized that my desktop folder is in a weird place...C:\Users\Bruce\Music\Amazon MP3\Desktop

Is this a problem and can we fix this too?
  • 0

#3
godawgs
Posted 07 August 2013 - 11:07 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Bruce, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

I am in the process of analyzing your log. Please post the Extras.txt log and I will be back to you.
Thanks
  • 0

#4
Bruce8055
Posted 07 August 2013 - 04:58 PM

Bruce8055

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks for helping me out godawgs. The log you requested is copied below. FYI. I did change the location of the desktop folder to its default so the location of otl.exe would now be C:\\Users\Bruce\Desktop


OTL Extras logfile created on: 8/6/2013 6:04:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruce\Music\Amazon MP3\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 40.89% Memory free
6.09 Gb Paging File | 4.43 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.20 Gb Total Space | 194.88 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9BE03B4D-1BF0-4453-BCF8-60A1598162BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C2DA52-3B2E-4DC0-85F5-815D0BF89BF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{13C88333-B936-4302-AB26-997B866AB0C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{30349916-C306-470B-968E-A5A03725D2AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{36F9E8B7-C94E-4BCF-B6FE-1CD2E9169035}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{40DDC499-3DBA-4A57-B6BA-1CD365190E0F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{47DC75C0-E152-4215-9C62-C9B824B13015}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{4EB68E97-CBE8-4F93-ACF2-9CB6061E3C02}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4EEE6F6E-1849-4A77-B75F-2FE31D7DBCDB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4FA74856-3949-4642-A5AF-0CC07F830E40}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{6B1852D5-82F0-42A3-AB3F-7CB9ACA24B89}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{73B9B3BF-3553-4110-8024-60C65AB6FCF7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{800119E3-8803-4473-A6DC-63B5E0226C33}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{81D40F36-F40C-4B6A-9BEE-470A92A38AAC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{9DB5D3B4-593F-4BB6-948C-E8AFAEA3693E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{AE10BD3B-1F97-4ABE-849B-66A85192FAC8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C12CF4A9-160D-402C-81B7-6517FEB839E7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{CA1731F5-7D01-49EC-B119-DF618B6BA01A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D4983CA8-5744-4F26-A291-A8CB992C1645}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{DC89E8BF-9D8D-47E4-8542-46A1AB942402}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E354FA68-EFA6-4DDC-8E52-AF4B197654E8}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EF898843-43DF-496C-9FCB-069FC971E985}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{019210C1-32C8-423C-BEFD-763C8E7A188F}" = Microsoft Money 2003
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money 2003 System Pack
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1189284F-0556-47E5-8DCD-F8BF3176F4EA}" = WingMan Software
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 29
"{2818ADC7-C1FB-40A8-BE6B-36B62682E9E8}" = PICkit 2 v2.61
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.3
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A760067A-C07E-1033-0000-A764AC000006}" = Avery Template
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security
"{E639C9C3-93E1-4445-BD14-75AE8F513FF0}" = AVG 2013
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{ED57CE70-0DC6-49AB-A33E-FAC212A6AF5E}" = Creative MuVo V100
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MX880 series User Registration" = Canon MX880 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"EAGLE 5.6.0" = EAGLE 5.6.0
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Fighter Ace II 1.00" = Microsoft Fighter Ace II
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{91FE9A2C-2FBD-4B48-B835-89BC0E943DBB}" = MPLAB Tools v8.36
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RCA Detective™_is1" = RCA Detective™ 3.0.3.0
"RCA easyRip_is1" = RCA easyRip 2.5.7.0
"RCA Updater_is1" = RCA Updater 2.1.7.0
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Speed Dial Utility" = Canon Speed Dial Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"WildTangent hp Master Uninstall" = My HP Games
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Applet" = Applet
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/17/2013 6:57:34 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16490 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2e44 Start Time: 01ce6bad67f66bc0 Termination Time: 12

Error - 6/27/2013 2:53:05 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2013 8:24:47 PM | Computer Name = Laptop | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =

Error - 6/27/2013 8:29:50 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/5/2013 10:57:49 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16490, time stamp
0x51955cca, faulting module AcroRd32.dll, version 9.5.3.305, time stamp 0x50d1cc1f,
exception code 0xc0000005, fault offset 0x0013cf29, process id 0x135cc, application
start time 0x01ce79f137ae4490.

Error - 7/6/2013 10:41:26 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10550 Start Time: 01ce776e5b023bc0 Termination Time: 65

Error - 7/7/2013 3:05:48 PM | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16490 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 191b0 Start Time: 01ce7b43b5e76870 Termination Time: 17

Error - 7/10/2013 4:47:41 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 4:58:57 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/31/2013 11:06:13 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/5/2013 10:25:11 PM | Computer Name = Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 8/5/2013 10:25:18 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 8/5/2013 10:25:20 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 8/5/2013 10:25:26 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 8/5/2013 10:26:00 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 8/5/2013 10:26:00 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 8/5/2013 10:26:00 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description =

Error - 8/5/2013 10:28:42 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 8/5/2013 10:28:55 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7009
Description =

Error - 8/5/2013 10:28:55 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#5
godawgs
Posted 07 August 2013 - 09:06 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Thanks for the log.

FYI. I did change the location of the desktop folder to its default so the location of otl.exe would now be C:\\Users\Bruce\Desktop

Thanks for the update. That's one thing taken care of already. :)
I don't see any evidence of Norton Internet Security in the services or drivers in the OTL log but Norton Internet Security is in the list of programs installed on the computer. Did you uninstall NIS through the Control Panel in Windows or did you do it some other way?


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
MOD - [2013/08/04 13:12:22 | 000,406,016 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Conduit\Adobe\kmliilcokn.dll
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2611275
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKCU..\Run: [Adobe] C:\Users\Bruce\AppData\Local\Conduit\Adobe\kmliilcokn.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
[2013/08/06 17:59:59 | 000,000,324 | -H-- | M] () -- C:\Windows\tasks\{15C9CA3E-9638-4596-A6E5-B38A60256B9F}.job
[2013/08/05 18:07:53 | 000,000,004 | ---- | M] () -- C:\Users\Bruce\AppData\Roaming\skype.ini
[2013/05/29 11:05:32 | 000,001,222 | -HS- | C] () -- C:\Users\Bruce\AppData\Local\6o4v7yr6ikfw18072u
[2013/05/29 11:05:32 | 000,001,222 | -HS- | C] () -- C:\ProgramData\6o4v7yr6ikfw18072u

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • Right click the adwcleaner.exe file and click Run as administrator, then accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this. Do Not delete anything at this time.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
DRIVES


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question above.
2. The OTL fixes log
3. The aswMBR log
4. The AdwCleaner[R1].txt log
5. The new OTL.txt log
  • 0

#6
Bruce8055
Posted 08 August 2013 - 12:45 AM

Bruce8055

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks for the quick turnaround.

I had a free trial of Norton Internet Security when I bought the computer. After it lapsed, I installed AVG and ZoneAlarm. I don't think I did anything other than let it lapse.

A couple other things...when I was reading your most recent post (before I had done anything), AVG popped up saying it had found something but then my screen went blue and I had to hard cycle the PC (hold down the power button). It booted back up fine and I returned to your post and started the OTL Fix.

When I ran the OTL Fix (Step 1), it apparently hung with only [emptytemp] left in the Custom Scan/Fix box. After about a half hour of OTL "not responding" I restarted the computer. When I went to look for the log, there was none. There is a folder C:\_OTL\MovedFiles\08072013_225316 with subfolders of C_ProgramData, C_Users and C_Windows. Let me know if you need to know what is in these folders but it looks like the stuff listed in the custom fix you had me run.

Step 2 (aswMBR). My PC did have an exception and restarted on its own half way through the scan. After it rebooted, I reran the scan. The log is below:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-07 23:59:10
-----------------------------
23:59:10.649 OS Version: Windows 6.0.6002 Service Pack 2
23:59:10.649 Number of processors: 2 586 0x170A
23:59:10.650 ComputerName: LAPTOP UserName: Bruce
23:59:14.139 Initialize success
23:59:52.736 AVAST engine defs: 13080701
23:59:58.833 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:59:58.837 Disk 0 Vendor: ST9320320AS HP07 Size: 305245MB BusType: 3
23:59:59.198 Disk 0 MBR read successfully
23:59:59.202 Disk 0 MBR scan
23:59:59.215 Disk 0 unknown MBR code
23:59:59.220 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294096 MB offset 63
23:59:59.272 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11145 MB offset 602310656
23:59:59.288 Disk 0 scanning sectors +625135616
23:59:59.579 Disk 0 scanning C:\Windows\system32\drivers
00:00:31.013 Service scanning
00:01:17.733 Modules scanning
00:01:55.864 Disk 0 trace - called modules:
00:01:55.891 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
00:01:55.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8687a8e0]
00:01:55.905 3 CLASSPNP.SYS[82a078b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ead8a0]
00:01:58.086 AVAST engine scan C:\Windows
00:02:10.350 AVAST engine scan C:\Windows\system32
00:15:11.868 AVAST engine scan C:\Windows\system32\drivers
00:15:52.066 AVAST engine scan C:\Users\Bruce
00:38:41.483 AVAST engine scan C:\ProgramData
00:46:04.770 Scan finished successfully
00:46:40.625 Disk 0 MBR has been saved successfully to "C:\Users\Bruce\Desktop\MBR.dat"
00:46:40.634 The log file has been saved successfully to "C:\Users\Bruce\Desktop\aswMBR.txt"


Step 3 (AdwCleaner). Here is the log.

# AdwCleaner v2.306 - Logfile created 08/08/2013 at 00:52:35
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Bruce - LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Bruce\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\user.js
File Found : C:\Users\Bruce\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\Bruce\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Bruce\AppData\Local\Conduit
Folder Found : C:\Users\Bruce\AppData\Local\iWin
Folder Found : C:\Users\Bruce\AppData\Local\Temp\Conduit
Folder Found : C:\Users\Bruce\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Bruce\AppData\LocalLow\Conduit
Folder Found : C:\Users\Bruce\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Users\Bruce\AppData\Roaming\iWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8999 octets] - [08/08/2013 00:52:35]

########## EOF - C:\AdwCleaner[R1].txt - [9059 octets] ##########


Step 4 (OTL Custom Scan). Here is the log.

OTL logfile created on: 8/8/2013 1:02:05 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 60.40% Memory free
6.06 Gb Paging File | 4.83 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.20 Gb Total Space | 196.94 Gb Free Space | 68.57% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/06 18:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
PRC - [2013/07/29 14:27:32 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/07/29 14:27:32 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/07/29 14:27:32 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/27 17:38:45 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/06/19 22:41:38 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\nexdef.exe
PRC - [2011/06/01 15:38:40 | 000,868,864 | ---- | M] (Audiovox Accessories Corp.) -- C:\Users\Bruce\Documents\RCA Detective\RCADetective.exe
PRC - [2010/09/14 20:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 16:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/07/25 21:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2002/07/17 11:00:00 | 000,200,767 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\mnyexpr.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/29 14:27:33 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/07/29 14:27:33 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/07/29 14:27:32 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/07/29 14:27:32 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/19 23:13:16 | 002,445,304 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/06/18 03:34:34 | 000,054,160 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/07/29 14:27:33 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/06/13 16:34:06 | 000,452,120 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2008/06/29 09:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2001/09/13 12:02:38 | 000,019,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2001/09/13 12:02:36 | 000,010,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2001/09/13 12:02:34 | 000,039,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2001/09/13 12:02:34 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{1E344E5C-EE59-4B93-9E69-677EF1EFF9A4}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6D3885A7-C9AB-4FDA-A7B2-87112F664825}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..\SearchScopes,DefaultScope = {1E344E5C-EE59-4B93-9E69-677EF1EFF9A4}
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..\SearchScopes\{1E344E5C-EE59-4B93-9E69-677EF1EFF9A4}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..\SearchScopes\{6D3885A7-C9AB-4FDA-A7B2-87112F664825}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-12-14 17:46:31&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/06/07 19:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000..\Run: [Easy Dock] File not found
O4 - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000..\Run: [Start WingMan Profiler] File not found
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Bruce\AppData\Local\Autobahn\nexdef.exe ()
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Bruce\Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)
O7 - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3921307934-1491640868-3642603130-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://www.partserve...3d/cnsweb3d.cab (Cnsweb3d Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06EE0428-32E6-419F-AE24-C23504017F8B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/08/07 23:21:08 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Bruce\Desktop\aswMBR.exe
[2013/08/07 22:53:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/07 22:42:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/06 20:44:08 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Tiffany
[2013/08/06 20:37:38 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Alan
[2013/08/06 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Bruce\.autobahn
[2013/08/06 20:19:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2013/08/06 20:19:13 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Ward Council
[2013/08/06 20:19:13 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\PEC
[2013/08/06 20:19:13 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\Bishopric
[2013/08/06 20:16:59 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Documents\Desktop Backup
[2013/08/05 18:01:47 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\a469e699-64a9-40e7-9471-53f0beca95a8ad
[2013/08/04 13:12:25 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\iWin
[2013/07/30 11:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/10 03:13:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/10 03:13:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/10 03:13:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/10 03:13:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/10 03:13:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/10 03:13:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/10 03:13:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/10 03:13:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/10 01:32:40 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/07/09 22:36:25 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/09 22:36:19 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/09 22:36:19 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/09 22:36:19 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/09 22:36:19 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/09 22:36:19 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/09 22:36:19 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/09 22:36:18 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/09 22:36:18 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/09 22:36:16 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/09 22:36:15 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/08 00:58:01 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/08/08 00:57:13 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/08/08 00:56:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 00:56:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 00:56:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/08 00:56:46 | 3146,993,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 00:51:45 | 000,666,633 | ---- | M] () -- C:\Users\Bruce\Desktop\adwcleaner.exe
[2013/08/08 00:46:40 | 000,000,512 | ---- | M] () -- C:\Users\Bruce\Desktop\MBR.dat
[2013/08/07 23:55:31 | 253,913,709 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/07 23:46:06 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Bruce\Desktop\aswMBR.exe
[2013/08/06 20:33:32 | 000,005,414 | ---- | M] () -- C:\Users\Bruce\AppData\Roaming\wklnhst.dat
[2013/08/06 19:52:55 | 000,002,234 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2013/08/06 18:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2013/07/31 21:34:51 | 016,846,848 | ---- | M] () -- C:\Users\Bruce\Documents\My Money.mny
[2013/07/31 21:34:50 | 016,753,016 | R--- | M] () -- C:\Users\Bruce\Documents\My Money Backup.mbf
[2013/07/29 19:04:12 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/29 19:04:12 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/29 14:27:33 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/10 03:47:27 | 000,390,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/08 00:51:34 | 000,666,633 | ---- | C] () -- C:\Users\Bruce\Desktop\adwcleaner.exe
[2013/08/08 00:46:40 | 000,000,512 | ---- | C] () -- C:\Users\Bruce\Desktop\MBR.dat
[2013/08/06 20:19:14 | 000,002,424 | ---- | C] () -- C:\Users\Bruce\Desktop\Temple Ordinance Request, Daniel and Slyvannus White.pdf
[2013/08/06 20:19:13 | 000,000,819 | ---- | C] () -- C:\Users\Bruce\Desktop\IrfanView.lnk
[2013/08/05 21:27:08 | 3146,993,664 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/05 11:48:50 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/07/09 21:27:38 | 000,005,414 | ---- | C] () -- C:\Users\Bruce\AppData\Roaming\wklnhst.dat
[2010/06/11 00:59:04 | 000,006,656 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 20:06:30 | 000,007,052 | ---- | C] () -- C:\Users\Bruce\AppData\Local\d3d9caps.dat
[2009/02/27 00:49:36 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/15 18:30:04 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Amazon
[2012/12/14 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\AVG2013
[2009/09/24 22:17:52 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\CadSoft
[2011/06/29 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Canon
[2012/06/07 19:43:19 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\CheckPoint
[2009/05/10 22:01:47 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/20 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\funkitron
[2010/12/21 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Gamelab
[2012/08/19 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\IrfanView
[2011/03/06 19:40:55 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\iWin
[2011/03/06 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Ludia
[2010/05/03 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Microchip
[2011/04/03 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PlayFirst
[2011/04/29 14:29:23 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\SPORE Creature Creator
[2011/07/09 21:27:41 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Template
[2012/12/14 18:46:54 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\TuneUp Software
[2013/01/11 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/11 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 21:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 21:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 01:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 21:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/04/23 23:00:30 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 21:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 21:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 21:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 21:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 21:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 21:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 21:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 21:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 21:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 01:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 21:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 01:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.H >
[2007/05/08 15:49:48 | 000,002,610 | ---- | M] () MD5=F133C41C9B530B27576BBE7F47E8F32C -- C:\Program Files\Microchip\MpAM\Modules\DNetG2S\Services.h

< MD5 for: SERVICES.LNK >
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/08/05 16:22:17 | 000,001,947 | ---- | M] () MD5=BA1D910E1B4107E9BE70C41973B874AD -- C:\Users\Bruce\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\K54WWHE2\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

< MD5 for: WINSOCK.H >
[2007/09/27 14:19:56 | 000,037,155 | ---- | M] () MD5=312BB8216BBA1D411C7E3BFCD19DAE1C -- C:\Program Files\Microsoft SDKs\Windows\v6.0A\Include\WinSock.h

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 7FC8-1127
Directory of C:\
11/02/2006 08:02 AM <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 08:02 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 08:02 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 08:02 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 08:02 AM <SYMLINKD> All Users [c:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 08:02 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 08:02 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 08:02 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bruce
05/10/2009 08:34 PM <JUNCTION> Application Data [C:\Users\Bruce\AppData\Roaming]
05/10/2009 08:34 PM <JUNCTION> Cookies [C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies]
05/10/2009 08:34 PM <JUNCTION> Local Settings [C:\Users\Bruce\AppData\Local]
05/10/2009 08:34 PM <JUNCTION> My Documents [C:\Users\Bruce\Documents]
05/10/2009 08:34 PM <JUNCTION> NetHood [C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/10/2009 08:34 PM <JUNCTION> PrintHood [C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/10/2009 08:34 PM <JUNCTION> Recent [C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Recent]
05/10/2009 08:34 PM <JUNCTION> SendTo [C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\SendTo]
05/10/2009 08:34 PM <JUNCTION> Start Menu [C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu]
05/10/2009 08:34 PM <JUNCTION> Templates [C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bruce\AppData\Local
05/10/2009 08:34 PM <JUNCTION> Application Data [C:\Users\Bruce\AppData\Local]
05/10/2009 08:34 PM <JUNCTION> History [C:\Users\Bruce\AppData\Local\Microsoft\Windows\History]
05/10/2009 08:34 PM <JUNCTION> Temporary Internet Files [C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Bruce\AppData\LocalLow
04/14/2012 03:47 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Bruce\Documents
05/10/2009 08:34 PM <JUNCTION> My Music [C:\Users\Bruce\Music]
05/10/2009 08:34 PM <JUNCTION> My Pictures [C:\Users\Bruce\Pictures]
05/10/2009 08:34 PM <JUNCTION> My Videos [C:\Users\Bruce\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
11/02/2006 08:02 AM <JUNCTION> Cookies [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 08:02 AM <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
11/02/2006 08:02 AM <JUNCTION> My Documents [c:\Users\Default\Documents]
11/02/2006 08:02 AM <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 08:02 AM <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 08:02 AM <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 08:02 AM <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 08:02 AM <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
11/02/2006 08:02 AM <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 08:02 AM <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 08:02 AM <JUNCTION> My Music [c:\Users\Default\Music]
11/02/2006 08:02 AM <JUNCTION> My Pictures [c:\Users\Default\Pictures]
11/02/2006 08:02 AM <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 08:02 AM <JUNCTION> My Music [c:\Users\Public\Music]
11/02/2006 08:02 AM <JUNCTION> My Pictures [c:\Users\Public\Pictures]
11/02/2006 08:02 AM <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
10/23/2008 02:15 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
10/23/2008 02:15 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
10/23/2008 02:15 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 02:15 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
10/23/2008 02:15 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/23/2008 02:15 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/23/2008 02:15 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
10/23/2008 02:15 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
10/23/2008 02:15 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
10/23/2008 02:15 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
10/23/2008 02:15 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 02:15 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 02:15 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
10/23/2008 02:15 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
10/23/2008 02:15 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
10/23/2008 02:15 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
67 Dir(s) 211,008,888,832 bytes free

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9320320AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 287.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 308383055872
Hidden sectors: 0


< End of report >
  • 0

#7
godawgs
Posted 08 August 2013 - 10:18 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Thanks for the quick turnaround.

You are welcome. We aims to please :)

I had a free trial of Norton Internet Security when I bought the computer. After it lapsed, I installed AVG and ZoneAlarm. I don't think I did anything other than let it lapse.

Acknowledged. Even thought there aren't any services or drivers running we need to uninstall it.

When I ran the OTL Fix (Step 1), it apparently hung with only [emptytemp] left in the Custom Scan/Fix box. After about a half hour of OTL "not responding" I restarted the computer. When I went to look for the log, there was none. There is a folder C:\_OTL\MovedFiles\08072013_225316 with subfolders of C_ProgramData, C_Users and C_Windows. Let me know if you need to know what is in these folders but it looks like the stuff listed in the custom fix you had me run.

Yep, it hangs at that point sometimes. But it did clear the nasties in the fix. The aswMBR scan is clean. AdwCleaner found more rubbish that we will remove.

Let me know how the computer is behaving after this run.


Step-1.

Make a Fresh Restore Point

  • Click the Start Orb Posted Image. Right click Computer and click Properties
  • In the left column under Tasks, click System Protection. Posted Image If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection Tab.
  • In the Available Disks section put a check mark in the box next to OS (C:) (System).
    • In Windows 7 it will be named Protection Settings. Make sure the protection is On for Local Disk (C:) (System).
    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • A System Protection window will open.

    Posted Image
  • Type in a name for the restore point, i.e: Clean and click Create
  • The System Protection window will tell you a Restore Point is being created.
  • The System Protection window will then tell you the Restore Point was created successfully. Click OK
  • Click OK again.
  • Close the Control Panel

Step-2.

Uninstall a Program

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Norton Internet Security

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\Norton or Norton Internet Security or Symantic

2. Close Windows Explorer.


Step-3.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the adwcleaner.exe file and click Run as administrator, then accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-4.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstall went
2. The AdwCleaner[S1].txt log
3. The JRT.txt log
4. How is the computer running now?
  • 0

#8
Bruce8055
Posted 08 August 2013 - 04:58 PM

Bruce8055

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hey godawgs.

I created the restore point without any problem. However, Norton is not listed in the list of programs in the control panel to uninstall. I did a search of the C:\Program Files folder and couldn't find anything other than .png files related to Norton.

I didn't do any of the other steps you requested because I don't know if not uninstalling Norton would be a problem.

Let me know.

Bruce
  • 0

#9
godawgs
Posted 08 August 2013 - 06:59 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Uninstalling Norton is not a problem. It shows in the list of installed programs in the OTL Extras.txt log, but if it isn't in the Control Panel list then don't worry about it.
Please continue with the rest on the instructions.
  • 0

#10
Bruce8055
Posted 08 August 2013 - 09:33 PM

Bruce8055

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Following are the logs from AdwCleaner and JRT. The computer is running a lot better. The Google Redirect is gone. I have gotten a pop up that didn't get blocked.

AdwCleaner

# AdwCleaner v2.306 - Logfile created 08/08/2013 at 21:50:25
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Bruce - LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Bruce\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Bruce\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Bruce\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Bruce\AppData\Local\Conduit
Folder Deleted : C:\Users\Bruce\AppData\Local\iWin
Folder Deleted : C:\Users\Bruce\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\Bruce\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Bruce\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bruce\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Bruce\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9128 octets] - [08/08/2013 00:52:35]
AdwCleaner[S1].txt - [9123 octets] - [08/08/2013 21:50:25]

########## EOF - C:\AdwCleaner[S1].txt - [9183 octets] ##########


JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows Vista ™ Home Premium x86
Ran by Bruce on Thu 08/08/2013 at 22:14:24.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6D3885A7-C9AB-4FDA-A7B2-87112F664825}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1E344E5C-EE59-4B93-9E69-677EF1EFF9A4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6D3885A7-C9AB-4FDA-A7B2-87112F664825}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/08/2013 at 22:17:14.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

Advertisements

#11
godawgs
Posted 08 August 2013 - 10:26 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I have gotten a pop up that didn't get blocked.

Can you tell me more about that.
  • 0

#12
Bruce8055
Posted 09 August 2013 - 09:09 AM

Bruce8055

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
You know, I don't think I can tell you much. I was searching for random stuff, clicking on random links and I don't remember what the pop up was or what site I was on. After my last post, I continued playing around and I didn't have any problems at all. Sorry for not being more observant.
  • 0

#13
godawgs
Posted 09 August 2013 - 10:01 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the info. I just wanted to make sure it wasn't something that was happening all the time. Browsers can miss some pop ups depending on how you have the pop up blocker configured in the browser. But if you haven't had the problem since it sounds like everything is working ok.

Everything looks good but we need to scan for any residual malware files and check for any programs that need to be updated.


Step-1.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here and save it to the desktop.

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log (IF it found anything). If it didn't just tell me.
3. The checkup.txt log
  • 0

#14
Bruce8055
Posted 10 August 2013 - 06:57 AM

Bruce8055

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Those first two scans were long! All three logs are included below.

MBAM Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bruce :: LAPTOP [administrator]

8/9/2013 11:05:02 PM
mbam-log-2013-08-09 (23-05-02).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 484883
Time elapsed: 3 hour(s), 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Bruce\AppData\Local\Temp\ojilcnmp.exe (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
C:\Users\Bruce\AppData\Local\Temp\lcnmpgba.exe (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
C:\Users\Bruce\AppData\Local\Temp\wghnxfpkisnyscsqpff.bfg (Trojan.Zbot.RVH) -> Quarantined and deleted successfully.
C:\Users\Bruce\Templates\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Bruce\AppData\Local\Temp\6o4v7yr6ikfw18072u (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


ESET SCAN

C:\Users\Bruce\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Bruce\AppData\Local\Temp\feumleviyabhoufngmh.bfg a variant of Win32/Kryptik.BHKG trojan
C:\Users\Bruce\AppData\Local\Temp\jar_cache3466583319597352082.tmp a variant of Java/Exploit.Agent.PEB trojan
C:\Users\Bruce\AppData\Local\Temp\jar_cache5903818575124509270.tmp a variant of Java/Exploit.Agent.NPG trojan
C:\Users\Bruce\AppData\Local\Temp\jar_cache8139189273844289181.tmp a variant of Java/Exploit.Agent.OMQ trojan
C:\Users\Bruce\AppData\Local\Temp\rsrctt\rsrctt.dll Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Bruce\AppData\Local\Temp\urbylmnjm\urbylmnjm.dll Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Bruce\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\744ed939-129c4b61 multiple threats
C:\Users\Bruce\Documents\Desktop Backup\Avery Template.msi a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Bruce\Documents\RCA easyRip\RCAeasyRipInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Bruce\Downloads\RCAEASYRIPINSTALLER2570 (1).EXE a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Bruce\Downloads\RCAEASYRIPINSTALLER2570.EXE a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\Installer\3f8aac7.msi a variant of Win32/Bundled.Toolbar.Ask application
C:\_OTL\MovedFiles\08072013_225316\C_Users\Bruce\AppData\Local\Conduit\Adobe\kmliilcokn.dll Win32/TrojanDownloader.Tracur.V trojan


Security Check

Results of screen317's Security Check version 0.99.72
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
  • 0

#15
godawgs
Posted 10 August 2013 - 08:58 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Those first two scans were long!

I knew they would be. But they found the malware files in the TEMP folders. Remember when we ran the OTL fix with the [emptytemp] directive and it got hung at that directive? Well MBAM got some of them and ESET found some more. Now we will run another OTL fix to remove the nasties that ESET found and in the process maybe the [emptytemp] command will run to completion this time.

Then we will need to update your Adobe Reader, Adobe Flashplayer and Java programs. Java is really out of date. I know it's taken some time but we are almost finished. :)


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
C:\Users\Bruce\AppData\Local\Temp\AskSLib.dll
C:\Users\Bruce\AppData\Local\Temp\feumleviyabhoufngmh.bfg
C:\Users\Bruce\AppData\Local\Temp\jar_cache3466583319597352082.tmp
C:\Users\Bruce\AppData\Local\Temp\jar_cache5903818575124509270.tmp
C:\Users\Bruce\AppData\Local\Temp\jar_cache8139189273844289181.tmp
C:\Users\Bruce\AppData\Local\Temp\rsrctt\rsrctt.dll
C:\Users\Bruce\AppData\Local\Temp\urbylmnjm\urbylmnjm.dll
C:\Users\Bruce\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\744ed939-129c4b61
C:\Users\Bruce\Documents\RCA easyRip\RCAeasyRipInstaller.exe
C:\Users\Bruce\Downloads\RCAEASYRIPINSTALLER2570 (1).EXE
C:\Users\Bruce\Downloads\RCAEASYRIPINSTALLER2570.EXE

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Click the Start Orb and click Control Panel. Under the Programs and Features heading click Uninstall a program. The list of installed programs will populate.
  • Remove ALL instances of Adobe Reader. To do that right click the program and click Uninstall
    The Adobe programs that I see installed are:
    • Adobe Reader 9
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark in the box next to Yes, install McAfee Security Scan Plus-optional.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar, or any of the add ons that it wants to install.


Step-3.

Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software.

You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.
  • Under Step 1, click the down arrow and choose your operating system (Choose Windows 7/Vista/XP).
  • Under Step 2, and select the browser you want to install FlashPlayer for.
    NOTE: You will need to download and install each version of FlashPlayer (Flash Player for Internet Explorer AND Flash Player for Other Browsers) separately.
  • Make sure to uncheck the box beside Yes, install McAfee Security Scan Plus-optional before downloading.
  • Click the Download now button. The File Download window will open.
  • Click Save As and save the set up file to the desktop.
  • Repeat the above for the other version of Flash Player.
  • Close the browser and all open windows.
  • Back on the desktop, right click on one of the Flash Player setup files and click Run as Administrator to start the installation.
  • Once the installation has completed restart the computer.
  • When the computer has restarted, right click the other Flash Player setup file and click Run as Administrator to install it.
  • Restart the computer one more time to make sure the changes are effective.


Step-4.

Posted Image JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u25
  • Click the "Download button under the JRE" column.
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u25 heading:
    To install the version for your system:
    • For Windows 32 bit systems, look for Windows x86 Offline 30.25MB, click the jre-7u25-windows-i586.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Click to (highlight) any Java item. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:

    Java™ 6 Update 29

  • For Vista/7/8: Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
C.
Install the latest JAVA

  • Back on your desktop:
    • Right click the jre-7u25-Windows-i586.exe file and click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. It's on the Update tab in Java in the Control Panel.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the updates went.
2. The OTL fixes log
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP