Possible malware issue

#1 - tjmcs (Member, 329 posts)

Greetings,

The original post for this problem is http://www.geekstogo...-not-waking-up/. I was asked to post in this forum.

The computer is a Dell Inspiron 530 running AVG. The problem is this: when the machine is not used for several hours, it becomes unresponsive; everything is frozen, mouse, keyboard, everything. All you can do is hold the on/off button in until it turns off, then you can reboot.

It is my father's computer. At night or after use in the mornings, he turns the screen off and leaves the computer on. In the morning or upon use after work, the computer is frozen. He reboots and everything is fine. Or, so he said until I sat him down and talked to him. In IE, the screen scroll is erratic. Sometimes slow, sometimes not at all. He is receiving error messages that IE is using too much power and must shut down. Now, he has the BSOD of dumping physical memory.

In looking through the computer, I found an add-on for Web Cake 3.0, found it was a virus, and asked a friend in my civic organization (a network programmer) what to do. He had me run ComboFix. The add-on disappeared but the problem persists.

I asked for help in the linked forum and was asked to post a topic here beginning with an OTL log. Here it is.

OTL logfile created on: 8/26/2013 6:54:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mcinnis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.50% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 85.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 465.71 Gb Total Space | 414.04 Gb Free Space | 88.91% Space Free | Partition Type: NTFS
Drive F: | 1.88 Gb Total Space | 1.73 Gb Free Space | 91.97% Space Free | Partition Type: FAT32

Computer Name: TOMMYSDELL | User Name: mcinnis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/26 18:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcinnis\Desktop\OTL.exe
PRC - [2013/08/26 18:39:33 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/19 10:31:48 | 000,559,616 | ---- | M] (BrowserSafeguard) -- C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
PRC - [2013/08/17 08:55:38 | 000,199,976 | ---- | M] () -- C:\Program Files\WebConnect\updateWebConnect.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/12 23:23:13 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/08 01:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Documents and Settings\mcinnis\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/05/08 01:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINXP\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/26 18:49:06 | 000,007,680 | ---- | M] () -- C:\Program Files\WebConnect\WebConnect.Common.dll
MOD - [2013/08/17 08:55:38 | 000,199,976 | ---- | M] () -- C:\Program Files\WebConnect\updateWebConnect.exe
MOD - [2013/08/15 12:30:52 | 000,212,992 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 12:30:43 | 000,141,312 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
MOD - [2013/08/15 12:29:23 | 000,978,944 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013/08/15 06:43:07 | 005,462,016 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 06:43:02 | 012,434,432 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a12a09aaa2c560a808dea7eaba5040c1\System.Windows.Forms.ni.dll
MOD - [2013/08/15 06:42:49 | 001,593,344 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 06:41:10 | 007,977,984 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/07/13 03:12:26 | 011,497,984 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINXP\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINXP\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINXP\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINXP\TEMP\MOBCleanup.exe -- (MOBCleanup)
SRV - File not found [Auto | Stopped] -- F:\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users.WINXP\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2013/08/17 08:55:38 | 000,199,976 | ---- | M] () [Auto | Running] -- C:\Program Files\WebConnect\updateWebConnect.exe -- (Update WK)
SRV - [2013/08/15 19:52:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/08 01:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINXP\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\mcinnis\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/21 09:12:11 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINXP\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINXP\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINXP\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/09 21:23:06 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV - [2008/10/09 11:55:40 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\NtpaSp50.sys -- (NTPASp50)
DRV - [2008/07/01 17:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 17:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 17:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/11/16 03:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {84C2AA9D-2C31-4FFD-A50F-D9A1281D4706}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}: "URL" = http://dts.search-re...&q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {FDEB895C-7D46-479D-9379-BB8B0596579E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{65F93BA6-D151-4DC9-BB12-E0BB6A0D6157}: "URL" = http://websearch.ask...FF-E5C212375FBA
IE - HKCU\..\SearchScopes\{FDEB895C-7D46-479D-9379-BB8B0596579E}: "URL" = http://websearch.sho...&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1044;https=127.0.0.1:1044;


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users.WINXP\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users.WINXP\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\mcinnis\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/26 18:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/26 18:44:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Documents and Settings\All Users.WINXP\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2013/01/31 23:09:31 | 000,000,000 | ---D | M]

[2013/08/20 17:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcinnis\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0\
CHR - Extension: No name found = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5\
CHR - Extension: No name found = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34\

O1 HOSTS File: ([2013/08/18 12:35:29 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (WebConnect) - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files\WebConnect\WebConnectBHO.dll (Web Connect)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\mcinnis\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINXP\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (BrowserSafeguard)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\mcinnis\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\mcinnis\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1275594021828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1373143658669 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2473DC1B-B271-45CC-ABB0-B1310C3B4878}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mcinnis\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mcinnis\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/08 13:46:50 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/26 18:50:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcinnis\Desktop\OTL.exe
[2013/08/26 18:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Application Data\RealNetworks
[2013/08/26 18:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/08/26 18:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks
[2013/08/21 17:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\BrowserSafeguard
[2013/08/21 17:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Browsersafeguard
[2013/08/20 17:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\VideoLAN
[2013/08/20 17:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Start Menu\Programs\TopArcadeHits
[2013/08/20 17:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Application Data\Mozilla
[2013/08/20 17:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\WebConnect
[2013/08/20 17:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\TopArcadeHits
[2013/08/18 16:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Application Data\SearchProtect
[2013/08/18 16:15:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/18 13:30:19 | 000,000,000 | --SD | C] -- C:\Joeseph
[2013/08/18 12:23:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mcinnis\Recent
[2013/08/17 09:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\iTunes
[2013/08/17 09:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/15 19:50:19 | 001,067,096 | ---- | C] (Solid State Networks) -- C:\Documents and Settings\mcinnis\My Documents\AdobeFlashPlayerActiveXSetup.exe
[2013/08/15 06:42:41 | 000,000,000 | ---D | C] -- C:\WINXP\System32\MRT
[2013/08/10 12:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\Movdap
[2013/08/10 12:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Application Data\Movdap
[2013/08/06 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\VS Revo Group
[2013/08/06 16:38:33 | 009,916,056 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\mcinnis\My Documents\RevoUninstallerProSetup.exe
[2013/07/30 16:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\AVG
[2013/07/28 20:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\My Documents\Swim & Baseball 2013
[2 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/26 18:55:15 | 000,000,826 | ---- | M] () -- C:\WINXP\tasks\Adobe Flash Player Updater.job
[2013/08/26 18:52:14 | 000,000,382 | ---- | M] () -- C:\WINXP\tasks\FreeFileViewerUpdateChecker.job
[2013/08/26 18:51:54 | 000,000,304 | ---- | M] () -- C:\WINXP\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/26 18:51:46 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2013/08/26 18:51:46 | 000,000,312 | ---- | M] () -- C:\WINXP\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/26 18:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcinnis\Desktop\OTL.exe
[2013/08/26 18:49:20 | 000,000,282 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/26 18:49:20 | 000,000,282 | ---- | M] () -- C:\WINXP\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/26 18:48:57 | 000,000,884 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/26 18:48:56 | 000,000,398 | ---- | M] () -- C:\WINXP\tasks\ProgramUpdateCheck.job
[2013/08/26 18:48:33 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2013/08/26 18:48:31 | 2136,158,208 | ---- | M] () -- C:\WINXP\MEMORY.DMP
[2013/08/26 18:46:38 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/26 18:44:37 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\RealPlayer.lnk
[2013/08/26 18:39:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINXP\System32\pncrt.dll
[2013/08/26 18:35:19 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Continue RealPlayer Free Download Installation.lnk
[2013/08/26 18:28:01 | 000,000,888 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/26 18:19:01 | 000,001,006 | ---- | M] () -- C:\WINXP\tasks\FacebookUpdateTaskUserS-1-5-21-583907252-261478967-725345543-1003UA.job
[2013/08/26 17:13:03 | 000,000,690 | ---- | M] () -- C:\WINXP\tasks\BrowserSafeguard Update Task.job
[2013/08/26 16:51:37 | 000,000,342 | ---- | M] () -- C:\WINXP\tasks\TopArcadeHits.job
[2013/08/25 21:19:00 | 000,000,984 | ---- | M] () -- C:\WINXP\tasks\FacebookUpdateTaskUserS-1-5-21-583907252-261478967-725345543-1003Core.job
[2013/08/25 18:47:01 | 000,000,454 | ---- | M] () -- C:\WINXP\tasks\ProgramRefresh-ATFST.job
[2013/08/25 09:24:17 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Google.url
[2013/08/25 07:14:49 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\The Times.url
[2013/08/24 17:59:09 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Facebook.url
[2013/08/24 10:20:17 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\FREE Online Slot Machines!.url
[2013/08/24 07:41:00 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2013/08/23 06:09:02 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/22 21:42:45 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Channel 3 News.url
[2013/08/22 16:56:54 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\(3) Candy Crush Saga on Facebook.url
[2013/08/22 06:04:24 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Louisiana Lottery Corporation.url
[2013/08/20 17:46:17 | 023,008,542 | ---- | M] () -- C:\Documents and Settings\mcinnis\My Documents\VLCmediaplayerSetup.exe
[2013/08/19 06:19:06 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Monroe News Star.url
[2013/08/18 19:07:21 | 000,066,029 | ---- | M] () -- C:\Documents and Settings\mcinnis\My Documents\August 2013 M&A.pdf
[2013/08/18 19:06:19 | 000,164,792 | ---- | M] () -- C:\Documents and Settings\mcinnis\My Documents\Activities report august 2013.pdf
[2013/08/18 18:46:46 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Lions Intl..url
[2013/08/18 12:35:29 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2013/08/18 09:08:09 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Microsoft Office Outlook 2003.lnk
[2013/08/17 09:48:18 | 000,000,330 | ---- | M] () -- C:\WINXP\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/17 09:11:34 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\iTunes.lnk
[2013/08/15 19:49:43 | 001,067,096 | ---- | M] (Solid State Networks) -- C:\Documents and Settings\mcinnis\My Documents\AdobeFlashPlayerActiveXSetup.exe
[2013/08/15 06:40:44 | 000,444,490 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2013/08/15 06:40:44 | 000,072,622 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2013/08/15 06:34:58 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Channel 12 News.url
[2013/08/06 16:38:00 | 009,916,056 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\mcinnis\My Documents\RevoUninstallerProSetup.exe
[2013/08/02 17:14:58 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Microsoft Office Word 2003.lnk
[2013/07/30 16:11:14 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\AVG 2013.lnk
[2013/07/27 19:35:04 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\CCleaner.lnk
[2 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/26 18:44:37 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\RealPlayer.lnk
[2013/08/26 18:35:19 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\mcinnis\Desktop\Continue RealPlayer Free Download Installation.lnk
[2013/08/22 16:56:54 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\mcinnis\Desktop\(3) Candy Crush Saga on Facebook.url
[2013/08/21 17:13:24 | 000,000,690 | ---- | C] () -- C:\WINXP\tasks\BrowserSafeguard Update Task.job
[2013/08/20 17:46:25 | 000,000,342 | ---- | C] () -- C:\WINXP\tasks\TopArcadeHits.job
[2013/08/20 17:46:21 | 023,008,542 | ---- | C] () -- C:\Documents and Settings\mcinnis\My Documents\VLCmediaplayerSetup.exe
[2013/08/18 19:07:21 | 000,066,029 | ---- | C] () -- C:\Documents and Settings\mcinnis\My Documents\August 2013 M&A.pdf
[2013/08/18 19:06:19 | 000,164,792 | ---- | C] () -- C:\Documents and Settings\mcinnis\My Documents\Activities report august 2013.pdf
[2013/08/17 09:11:34 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\iTunes.lnk
[2013/07/19 17:55:42 | 000,013,464 | ---- | C] () -- C:\WINXP\System32\drivers\SWDUMon.sys
[2013/05/03 21:28:05 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe
[2013/05/03 21:08:04 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\1.bmp
[2013/05/03 21:07:36 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\1.jpg
[2013/03/31 06:37:01 | 000,116,224 | ---- | C] () -- C:\WINXP\System32\pdfcmnnt.dll
[2012/09/30 17:52:59 | 000,000,527 | ---- | C] () -- C:\WINXP\ULEAD32.INI
[2012/08/10 16:12:18 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\dt.dat
[2012/06/17 16:02:37 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2011/11/14 13:31:43 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/01/10 14:54:01 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 18:44:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\PUTTY.RND
[2008/04/25 16:42:40 | 000,161,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== ZeroAccess Check ==========

[2010/06/08 14:03:32 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/03/09 23:33:41 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/17 09:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/30 18:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\APN
[2012/09/25 19:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Ask
[2010/06/08 13:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Autodesk
[2013/01/28 10:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\AVG January 2013 Campaign
[2013/01/18 19:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\AVG2013
[2013/02/04 11:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Browser Manager
[2012/01/12 14:27:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Common Files
[2012/07/19 05:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\DAEMON Tools Lite
[2013/05/03 18:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\HitmanPro
[2013/08/26 18:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MFAData
[2013/05/10 08:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MSScanAppDataDir
[2013/03/30 18:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Oberon Media
[2013/08/18 12:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Tarma Installer
[2012/08/15 20:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\The Print Shop Business
[2013/08/06 16:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\VS Revo Group
[2013/03/30 18:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\W3i
[2012/06/17 15:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\WeCareReminder
[2012/06/24 07:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/08/18 10:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\1O1L1I1PtF1F1C1N
[2011/12/07 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\9A33A
[2013/07/03 16:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Atomic Alarm Clock 6
[2010/06/08 14:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Autodesk
[2012/01/12 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\AVG2012
[2012/10/01 19:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\AVG2013
[2012/08/24 17:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/19 05:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\DAEMON Tools Lite
[2013/03/30 18:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\encyclopediabritannicagamesbar
[2012/10/28 14:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FolderSync
[2012/07/13 22:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FreeBurner
[2013/03/31 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FreeFileViewer
[2011/12/10 09:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FreeFixer
[2012/10/08 18:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Garmin
[2013/08/18 09:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Movdap
[2012/10/25 20:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\OutlookSync
[2011/10/03 08:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\PDF Viewer
[2012/12/01 17:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\SBG-SVG
[2013/08/18 16:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\SearchProtect
[2013/07/22 20:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\ShopAtHome
[2012/10/25 20:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Targus
[2012/10/01 19:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\TuneUp Software
[2013/03/30 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\VisicomToolBar

========== Purity Check ==========



< End of report >



  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Run the following list of scans. You can post each log as you get it if you want to. If something won't work, skip to the next step.

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and double click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


You have a proxy on IE. Probably malware. We will remove it with OTL along with some junk.


Copy the text in the code box by highlighting it and pressing Ctrl + c.


:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1044;https=127.0.0.1:1044;
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (WebConnect) - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files\WebConnect\WebConnectBHO.dll (Web Connect)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\mcinnis\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (BrowserSafeguard)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\mcinnis\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\mcinnis\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1275594021828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1373143658669 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
[2013/08/26 18:52:14 | 000,000,382 | ---- | M] () -- C:\WINXP\tasks\FreeFileViewerUpdateChecker.job
[2013/08/26 18:28:01 | 000,000,888 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/26 18:19:01 | 000,001,006 | ---- | M] () -- C:\WINXP\tasks\FacebookUpdateTaskUserS-1-5-21-583907252-261478967-725345543-1003UA.job
[2013/08/26 17:13:03 | 000,000,690 | ---- | M] () -- C:\WINXP\tasks\BrowserSafeguard Update Task.job
[2013/08/26 16:51:37 | 000,000,342 | ---- | M] () -- C:\WINXP\tasks\TopArcadeHits.job
[2013/08/25 21:19:00 | 000,000,984 | ---- | M] () -- C:\WINXP\tasks\FacebookUpdateTaskUserS-1-5-21-583907252-261478967-725345543-1003Core.job
[2013/08/25 18:47:01 | 000,000,454 | ---- | M] () -- C:\WINXP\tasks\ProgramRefresh-ATFST.job
[2013/08/26 18:48:57 | 000,000,884 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/26 18:48:56 | 000,000,398 | ---- | M] () -- C:\WINXP\tasks\ProgramUpdateCheck.job
[2013/08/21 17:13:24 | 000,000,690 | ---- | C] () -- C:\WINXP\tasks\BrowserSafeguard Update Task.job
[2013/08/20 17:46:25 | 000,000,342 | ---- | C] () -- C:\WINXP\tasks\TopArcadeHits.job
[2013/08/18 16:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\SearchProtect

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

If you do not get a log file when it finishes, run it again. Currently we are seeing a new version of ZeroAccess which takes Combofix two runs to defeat. Copy and paste the log file into a reply.





Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Most older neglected XPs will need a manual defrag:

http://support.microsoft.com/kb/314848



Ron
  • 0
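As an added example (not part of this thread, and not OTL's own code), a small Python triage of the indicators Ron points at above: the IE proxy set to 127.0.0.1:1044 and the O2/O4 load points whose binary has no publisher recorded or runs from the user profile. The sample lines are copied from the OTL log posted in this thread; the function names and severity grades are my own.

```python
"""Triage OTL log lines for the indicators called out in this thread: an IE
proxy pointed at loopback and O2 (BHO) / O4 (Run key) entries with no publisher
or living in a user-writable profile directory."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1044;https=127.0.0.1:1044;
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\mcinnis\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O4 - HKCU..\Run: [BrowserSafeguard] C:\Program Files\Browsersafeguard\BrowserSafeguard.exe (BrowserSafeguard)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\mcinnis\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str      # the log line (or registry data) that triggered it
    reason: str


# OTL's IE settings lines: IE - <registry key>: "<value name>" = <data>
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<data>.*)$')
# Path of the loaded binary plus OTL's trailing "(Company)", "()" or "File not found".
LOAD_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\.*?\.(?:dll|exe))\s*(?P<tail>\([^)]*\)|File not found)?\s*$', re.I)
LOOPBACK_RE = re.compile(r'\b(127\.0\.0\.1|localhost):\d+')


def loopback_proxy(settings: Dict[str, str]) -> Optional[Finding]:
    """High-severity finding when IE is configured to send traffic through a local port."""
    if settings.get("ProxyEnable") != "1":
        return None
    m = LOOPBACK_RE.search(settings.get("ProxyServer", ""))
    if not m:
        return None
    return Finding("high", settings["ProxyServer"],
                   f"IE proxy enabled and pointed at {m.group(0)}: a loopback proxy means "
                   "a local process sits between the browser and the network")


def check_load_line(line: str) -> Optional[Finding]:
    """Grade one O2 (BHO) or O4 (Run key) line from the OTL log."""
    if not line.startswith(("O2 - ", "O4 - ")):
        return None
    m = LOAD_RE.search(line)
    if not m:
        return None
    path, tail = m.group("path"), (m.group("tail") or "").strip()
    in_profile = "\\documents and settings\\" in path.lower()
    if tail.lower() == "file not found":
        return Finding("info", line, f"orphaned load point: {path} no longer exists")
    if tail == "()":
        return Finding("high", line, f"no publisher recorded for {path}"
                       + (" and it loads from a user profile directory" if in_profile else ""))
    if in_profile:
        return Finding("medium", line, f"{path} runs from a user-writable profile directory")
    # A company name alone is not a clean bill of health: the Conduit/SearchProtect
    # entry passes this check, yet AdwCleaner removed it later in the thread.
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, collecting IE proxy settings and grading load points."""
    findings: List[Finding] = []
    ie_settings: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m and m.group("key").endswith("Internet Settings"):
            ie_settings[m.group("name")] = m.group("data").strip()
            continue
        f = check_load_line(line)
        if f:
            findings.append(f)
    proxy = loopback_proxy(ie_settings)
    if proxy:
        findings.insert(0, proxy)  # the proxy is the headline finding
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}")
```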

#3
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Thank you, Ron.

Saturday will be the day I can get to the infected computer.


Joe
  • 0

#4
tjmcs

tjmcs

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Encountered a problem. Downloaded and ran adwcleaner. Now I cannot use the computer. Nothing happens when I click anything. Here is the log:

# AdwCleaner v3.001 - Report created 31/08/2013 at 10:56:02
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : mcinnis - TOMMYSDELL
# Running from : C:\Documents and Settings\mcinnis\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Browser Manager
Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users.WINXP\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users.WINXP\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users.WINXP\Application Data\Browser Manager
Folder Deleted : C:\Documents and Settings\All Users.WINXP\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users.WINXP\Application Data\WeCareReminder
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Movdap
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\visualbee
Folder Deleted : C:\Program Files\VisualBee_V.11
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Documents and Settings\mcinnis\IECompatCache
Folder Deleted : C:\Documents and Settings\mcinnis\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\mcinnis\Local Settings\Application Data\visualbeeexe
Folder Deleted : C:\Documents and Settings\mcinnis\Application Data\Movdap
Folder Deleted : C:\Documents and Settings\mcinnis\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\mcinnis\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\mcinnis\Start Menu\Programs\Browser Manager
[!] Folder Deleted : C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016912.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016912.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0016912.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033906.Sandbox.1
Key Deleted : HKCU\Software\5257dddae56aeb47
Key Deleted : HKLM\SOFTWARE\5257dddae56aeb47
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311391106}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322392206}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355395506}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366396606}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344394406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7093EE04-F2E4-4637-A667-0F730797B3A0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7093EE04-F2E4-4637-A667-0F730797B3A0}]
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\lyrixeeker
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\VisualBee_V.11
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\VisualBee_V.11
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\visualbee

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ File : C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13847 octets] - [31/08/2013 10:55:32]
AdwCleaner[S0].txt - [12886 octets] - [31/08/2013 10:56:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12947 octets] ##########



  • 0

#5 RKinner (Malware Expert, MVP, 24,625 posts)
I don't usually have a problem after running adwcleaner. I don't see anything in the log that looks like it would have caused a problem.

Can you boot into Safe Mode with Networking?

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

You might also try Last Known Good from the Safe Mode Menu.

Can you get into System Restore? And go back to the last restore point?

http://support.microsoft.com/kb/306084
  • 0

#6 tjmcs (Topic Starter, Member, 329 posts)
Can boot into Safe mode with networking but cannot go online.
Can boot into last known config but cannot go online.
System restore says it cannot restore.
After boot up, my normal desktop image is shifted to the right. On the left are toolbars(?); from top to bottom:
Folder Tasks
Other Places
Details
  • 0

#7 RKinner (Malware Expert, MVP, 24,625 posts)
There was a suspicious proxy in IE shown in the OTL log:

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1044;https=127.0.0.1:1044


It's possible that it doesn't work in Safe Mode so try removing it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart the browser and test.

Do you still have the "Nothing happens when I click anything" problem in Safe Mode?
  • 0
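A way to pick out the proxy finding RKinner spotted in the OTL log automatically, as an added example written for this thread (Python; it is not part of OTL, AdwCleaner, JRT or ComboFix): it parses OTL's Internet Settings lines, splits the WinINET ProxyServer string into per-protocol entries, and flags any enabled proxy that points at the loopback address. The sample lines are the two quoted in the post above; the regular expression and the function names are this example's own.

```python
"""Flag a loopback HTTP proxy in OTL-style "Internet Settings" log lines.

Added example for this thread, not part of OTL or any tool posted here.
"""
import re
from ipaddress import ip_address

# Shape of the lines OTL prints for WinINET settings (assumed from the
# two lines quoted in the thread), e.g.
#   IE - HKCU\...\Internet Settings: "ProxyEnable" = 1
OTL_SETTING_RE = re.compile(
    r'^IE - (?P<key>HK(?:CU|LM|U)\\[^:]+): "(?P<name>[^"]+)" = (?P<value>.*)$'
)


def parse_otl_internet_settings(lines):
    """Return {(registry_key, value_name): value} for every IE setting line."""
    settings = {}
    for line in lines:
        m = OTL_SETTING_RE.match(line.strip())
        if m:
            settings[(m["key"], m["name"])] = m["value"].strip()
    return settings


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {scheme: "host:port"}.

    WinINET accepts two forms: "host:port" (one proxy for every protocol,
    stored here under scheme "*") and "http=host:port;https=host:port;..."
    (one proxy per protocol), which is the form seen in the thread.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, _, hostport = part.partition("=")
            proxies[scheme.strip().lower()] = hostport.strip()
        else:
            proxies["*"] = part
    return proxies


def _is_loopback(hostport):
    """True when the host part of "host:port" is the local machine."""
    host = hostport.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def find_loopback_proxies(lines):
    """Report every ProxyServer entry that points at the local machine.

    A proxy on 127.0.0.1 is a common leftover of ad-injecting software that
    routes the browser through its own helper process. Once that helper is
    removed by a cleanup tool, nothing listens on the port, so the browser
    cannot reach any site until the proxy setting is cleared (the symptom
    described in this thread).
    """
    settings = parse_otl_internet_settings(lines)
    findings = []
    for (key, name), value in settings.items():
        if name != "ProxyServer":
            continue
        enabled = settings.get((key, "ProxyEnable"), "0") == "1"
        for scheme, hostport in parse_proxy_server(value).items():
            if _is_loopback(hostport):
                findings.append(
                    {"key": key, "scheme": scheme, "proxy": hostport, "enabled": enabled}
                )
    return findings


# Constructed sample input: the two OTL lines quoted in post #7.
SAMPLE_OTL_LINES = [
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 1',
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: '
    '"ProxyServer" = http=127.0.0.1:1044;https=127.0.0.1:1044',
]

if __name__ == "__main__":
    for f in find_loopback_proxies(SAMPLE_OTL_LINES):
        state = "enabled" if f["enabled"] else "disabled"
        print(f'{f["key"]}: {f["scheme"]} proxy {f["proxy"]} is on loopback ({state})')
```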

#8 tjmcs (Topic Starter, Member, 329 posts)
Same problem.

Unlike the normal desktop, the desktop in Safe mode has the IE icon (before adwcleaner, the old desktop had the icon, maybe shifted too far to the right to access). The activity light flashes when I click it but it does not go online. I had to try the fix by clicking properties.

Also, on the normal desktop, when I click the start button (only way to try IE), most buttons do not let me do anything. At least the IE button lets me open properties. In Safe mode, all buttons work after entering start.

joe
  • 0

#9 tjmcs (Topic Starter, Member, 329 posts)
Finally found a date I could restore to under safe mode. Desktop is back, IE is operational. Continuing to next step, junkware-removal-tool.

joe
  • 0

#10 tjmcs (Topic Starter, Member, 329 posts)
Requested logs. Page is timing out (?) so am sending two posts.

adwcleaner already sent.

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Microsoft Windows XP x86
Ran by mcinnis on Sat 08/31/2013 at 14:09:41.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browser manager
Successfully deleted: [Service] browser manager
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\lyrixeeker
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0016912.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0016912.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0016912.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122692212}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550155695512}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660166696612}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0016912.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0016912.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0016912.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2856453
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2866332
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550155695512}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660166696612}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111691112}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{65F93BA6-D151-4DC9-BB12-E0BB6A0D6157}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FDEB895C-7D46-479D-9379-BB8B0596579E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"



~~~ Files

Successfully deleted: [File] C:\WINXP\Tasks\toparcadehits.job



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINXP\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINXP\application data\browser manager"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINXP\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINXP\application data\w3i"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINXP\application data\wecarereminder"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Application Data\movdap"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Local Settings\Application Data\blekkotb_031"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Local Settings\Application Data\installation assistant"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Local Settings\Application Data\toparcadehits"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\Local Settings\Application Data\visualbeeclient"
Successfully deleted: [Folder] "C:\Program Files\fileopenerpro"
Successfully deleted: [Folder] "C:\Program Files\installation assistant"
Successfully deleted: [Folder] "C:\Program Files\movdap"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\Program Files\w3i, llc"
Failed to delete: [Folder] "C:\Program Files\webconnect"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\start menu\programs\browser manager"
Successfully deleted: [Folder] "C:\Documents and Settings\mcinnis\start menu\programs\toparcadehits"
Successfully deleted: [Folder] "C:\WINXP\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINXP\application data\ask"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/31/2013 at 14:12:33.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


No log received from OTL.


Combofix

ComboFix 13-08-31.01 - mcinnis 08/31/2013 14:34:57.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1416 [GMT -5:00]
Running from: c:\documents and settings\mcinnis\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-31 )))))))))))))))))))))))))))))))
.
.
2013-08-31 19:20 . 2013-08-31 19:20 -------- d-----w- C:\_OTL
2013-08-31 19:09 . 2013-08-31 19:09 -------- d-----w- c:\winxp\ERUNT
2013-08-31 18:54 . 2013-08-31 18:54 -------- d-----w- c:\winxp\system32\wbem\Repository
2013-08-31 18:53 . 2013-08-31 19:23 -------- d-----w- c:\program files\WebConnect
2013-08-31 18:53 . 2013-08-31 18:53 -------- d-----w- c:\program files\VS Revo Group
2013-08-31 18:53 . 2013-08-31 18:58 -------- d-sh--w- c:\documents and settings\mcinnis\IECompatCache
2013-08-31 15:55 . 2013-08-31 15:56 -------- d-----w- C:\AdwCleaner
2013-08-26 23:45 . 2013-08-26 23:45 -------- d-----w- c:\documents and settings\mcinnis\Application Data\RealNetworks
2013-08-26 23:44 . 2013-08-26 23:44 -------- d-----w- c:\program files\RealNetworks
2013-08-26 23:44 . 2013-08-26 23:44 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\RealNetworks
2013-08-18 18:30 . 2013-08-18 18:38 -------- d-----w- C:\Joeseph
2013-08-17 14:11 . 2013-08-17 14:11 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-15 11:42 . 2013-08-15 11:44 -------- d-----w- c:\winxp\system32\MRT
2013-08-06 21:39 . 2013-08-06 21:39 -------- d-----w- c:\documents and settings\All Users.WINXP\Application Data\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-26 23:39 . 2012-09-29 15:26 499712 ----a-w- c:\winxp\system32\msvcp71.dll
2013-08-26 23:39 . 2012-09-29 15:26 348160 ----a-w- c:\winxp\system32\msvcr71.dll
2013-08-16 00:52 . 2013-01-19 23:03 71048 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2013-08-16 00:52 . 2013-01-19 23:03 692104 ----a-w- c:\winxp\system32\FlashPlayerApp.exe
2013-08-03 19:18 . 2006-10-19 03:47 1543680 ------w- c:\winxp\system32\wmvdecod.dll
2013-07-26 02:47 . 2006-03-04 03:33 920064 ----a-w- c:\winxp\system32\wininet.dll
2013-07-26 02:47 . 2004-08-04 10:00 43520 ------w- c:\winxp\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-04 10:00 1469440 ------w- c:\winxp\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-04 10:00 385024 ------w- c:\winxp\system32\html.iec
2013-07-21 14:12 . 2013-07-19 22:55 13464 ----a-w- c:\winxp\system32\drivers\SWDUMon.sys
2013-07-20 06:51 . 2012-08-09 18:56 246072 ----a-w- c:\winxp\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2012-04-19 09:50 60216 ----a-w- c:\winxp\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2011-12-23 18:32 208184 ----a-w- c:\winxp\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2011-10-07 12:23 171320 ----a-w- c:\winxp\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2004-08-04 10:00 406016 ----a-w- c:\winxp\system32\usp10.dll
2013-07-10 06:32 . 2011-09-13 12:30 39224 ----a-w- c:\winxp\system32\drivers\avgrkx86.sys
2013-07-08 23:01 . 2013-07-08 23:01 465280 ----a-r- c:\winxp\system32\cpnprt2win32.cid
2013-07-04 03:03 . 2005-03-30 01:21 2149888 ----a-w- c:\winxp\system32\ntoskrnl.exe
2013-07-04 02:08 . 2005-03-30 01:01 2028544 ----a-w- c:\winxp\system32\ntkrnlpa.exe
2013-07-01 06:45 . 2011-08-08 12:08 96568 ----a-w- c:\winxp\system32\drivers\avgmfx86.sys
2013-06-13 02:48 . 2012-06-13 21:16 867240 ----a-w- c:\winxp\system32\npdeployJava1.dll
2013-06-13 02:48 . 2011-03-31 13:42 789416 ----a-w- c:\winxp\system32\deployJava1.dll
2013-06-13 02:48 . 2013-06-20 00:38 94632 ----a-w- c:\winxp\system32\WindowsAccessBridge.dll
2013-06-13 02:35 . 2013-06-20 00:38 144896 ----a-w- c:\winxp\system32\javacpl.cpl
2013-06-04 07:23 . 2004-08-04 10:00 562688 ----a-w- c:\winxp\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 10:00 1876736 ----a-w- c:\winxp\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\winxp\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\winxp\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\winxp\system32\igfxpers.exe" [2007-07-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"EKIJ5000StatusMonitor"="c:\winxp\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-08-26 295512]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\mcinnis\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\winxp\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\winxp\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winxp\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\winxp\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\winxp\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\winxp\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\winxp\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 182072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
R2 Update WK;Update WK;c:\program files\WebConnect\updateWebConnect.exe [8/17/2013 8:55 AM 199976]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"f:\hitmanpro.exe" /crusader:boot --> f:\HitmanPro.exe [?]
S2 MOBCleanup;MOBCleanup;"c:\winxp\TEMP\MOBCleanup.exe" --> c:\winxp\TEMP\MOBCleanup.exe [?]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\winxp\system32\drivers\ADM8511.SYS [6/13/2012 4:10 PM 20160]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\winxp\system32\drivers\btblan.sys [10/9/2009 9:23 PM 33792]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\winxp\system32\drivers\NtpaSp50.sys [12/1/2012 5:59 PM 17536]
S3 Revoflt;Revoflt;c:\winxp\system32\drivers\revoflt.sys [9/29/2012 10:16 AM 27064]
S3 SWDUMon;SWDUMon;c:\winxp\system32\drivers\SWDUMon.sys [7/19/2013 5:55 PM 13464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\winxp\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-31 c:\winxp\Tasks\Adobe Flash Player Updater.job
- c:\winxp\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 00:52]
.
2013-08-31 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-08-27 c:\winxp\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 20:19]
.
2013-08-31 c:\winxp\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2013-08-31 c:\winxp\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2013-08-31 c:\winxp\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2013-08-31 c:\winxp\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2013-08-31 c:\winxp\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2013-08-30 c:\winxp\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll
AddRemove-fileopenerpro - c:\program files\FileOpenerPro\uninstall.exe
AddRemove-Installation Assistant - c:\program files\Installation Assistant\Uninstall.exe
AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe
AddRemove-WebConnect - c:\program files\WebConnect\WebConnectuninstall.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\documents and settings\mcinnis\Local Settings\Application Data\TopArcadeHits\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-31 14:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HitmanPro37CrusaderBoot]
"ImagePath"="\"f:\hitmanpro.exe\" /crusader:boot"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3324)
c:\winxp\system32\WININET.dll
c:\winxp\system32\AcSignIcon.dll
c:\winxp\system32\ieframe.dll
c:\winxp\system32\mshtml.dll
c:\winxp\system32\msls31.dll
c:\winxp\system32\msi.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\winxp\system32\webcheck.dll
c:\winxp\system32\WPDShServiceObj.dll
c:\winxp\system32\PortableDeviceTypes.dll
c:\winxp\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-31 14:42:55
ComboFix-quarantined-files.txt 2013-08-31 19:42
ComboFix2.txt 2013-08-18 17:38
ComboFix3.txt 2013-07-04 19:52
ComboFix4.txt 2013-05-04 02:53
ComboFix5.txt 2013-08-18 18:23
.
Pre-Run: 445,898,723,328 bytes free
Post-Run: 446,017,654,784 bytes free
.
- - End Of File - - 45F869EA185836E422A30B7C983D5E1B
8F558EB6672622401DA993E1E865C861


OTL x2

OTL logfile created on: 8/31/2013 2:48:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mcinnis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.31% Memory free
3.84 Gb Paging File | 3.28 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 465.71 Gb Total Space | 415.42 Gb Free Space | 89.20% Space Free | Partition Type: NTFS

Computer Name: TOMMYSDELL | User Name: mcinnis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/31 14:19:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcinnis\Desktop\OTL.exe
PRC - [2013/08/26 18:39:33 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/17 08:55:38 | 000,199,976 | ---- | M] () -- C:\Program Files\WebConnect\updateWebConnect.exe
PRC - [2013/08/14 15:19:58 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/12 23:23:13 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINXP\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/31 14:23:51 | 000,007,680 | ---- | M] () -- C:\Program Files\WebConnect\WebConnect.Common.dll
MOD - [2013/08/17 08:55:38 | 000,199,976 | ---- | M] () -- C:\Program Files\WebConnect\updateWebConnect.exe
MOD - [2013/08/15 12:30:52 | 000,212,992 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 12:30:43 | 000,141,312 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll
MOD - [2013/08/15 12:29:23 | 000,978,944 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013/08/15 06:43:07 | 005,462,016 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 06:41:10 | 007,977,984 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/07/13 03:12:26 | 011,497,984 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINXP\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINXP\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINXP\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINXP\TEMP\MOBCleanup.exe -- (MOBCleanup)
SRV - File not found [Auto | Stopped] -- F:\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot)
SRV - [2013/08/17 08:55:38 | 000,199,976 | ---- | M] () [Auto | Running] -- C:\Program Files\WebConnect\updateWebConnect.exe -- (Update WK)
SRV - [2013/08/15 19:52:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINXP\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\mcinnis\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/21 09:12:11 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINXP\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINXP\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINXP\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINXP\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/09 21:23:06 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV - [2008/10/09 11:55:40 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\NtpaSp50.sys -- (NTPASp50)
DRV - [2008/07/01 17:13:26 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/07/01 17:13:26 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/07/01 17:13:24 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/11/16 03:56:26 | 000,550,272 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {84C2AA9D-2C31-4FFD-A50F-D9A1281D4706}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINXP\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users.WINXP\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users.WINXP\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\mcinnis\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/08/26 18:44:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/26 18:44:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Documents and Settings\All Users.WINXP\Application Data\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

[2013/08/20 17:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mcinnis\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0\
CHR - Extension: No name found = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5\
CHR - Extension: No name found = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.23.27_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg\1.23.27_0\

O1 HOSTS File: ([2013/08/18 12:35:29 | 000,000,027 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINXP\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2473DC1B-B271-45CC-ABB0-B1310C3B4878}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mcinnis\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mcinnis\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/08 13:46:50 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: hitmanpro37 - Reg Error: Value error.
SafeBootMin: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin: HitmanPro37Crusader - Reg Error: Value error.
SafeBootMin: HitmanPro37CrusaderBoot - F:\HitmanPro.exe /crusader:boot File not found
SafeBootMin: mcmscsvc -
SafeBootMin: MCODS -
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - Service
SafeBootNet: hitmanpro37 - Reg Error: Value error.
SafeBootNet: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet: HitmanPro37Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro37CrusaderBoot - F:\HitmanPro.exe /crusader:boot File not found
SafeBootNet: McMPFSvc - Service
SafeBootNet: mcmscsvc -
SafeBootNet: MCODS -
SafeBootNet: mfefire - Driver
SafeBootNet: mfefirek - Driver
SafeBootNet: mfefirek.sys - Driver
SafeBootNet: mfehidk - Driver
SafeBootNet: mfehidk.sys - Driver
SafeBootNet: mfevtp - Driver
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINXP\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINXP\system32\Rundll32.exe c:\WINXP\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINXP\system32\rundll32.exe C:\WINXP\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {BC006AF8-6C63-46EB-936D-C9BD279ADEE3} - att.net Toolbar
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E74478E4-6D75-4B05-8D11-5E61F74A5CE1} - NoIE8Tour
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINXP\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINXP\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINXP\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{610B1E05-FB82-4E4E-B2A3-1E0CC7741C49} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINXP\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/31 14:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINXP\SWREG.exe
[2013/08/31 14:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINXP\SWSC.exe
[2013/08/31 14:32:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINXP\SWXCACLS.exe
[2013/08/31 14:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINXP\NIRCMD.exe
[2013/08/31 14:30:22 | 005,115,930 | R--- | C] (Swearware) -- C:\Documents and Settings\mcinnis\Desktop\ComboFix.exe
[2013/08/31 14:20:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/31 14:19:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcinnis\Desktop\OTL.exe
[2013/08/31 14:09:39 | 000,000,000 | ---D | C] -- C:\WINXP\ERUNT
[2013/08/31 14:08:35 | 001,027,511 | ---- | C] (Thisisu) -- C:\Documents and Settings\mcinnis\Desktop\JRT.exe
[2013/08/31 13:53:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mcinnis\Recent
[2013/08/31 13:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\WebConnect
[2013/08/31 13:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Revo Uninstaller Pro
[2013/08/31 13:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/31 13:53:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\mcinnis\IECompatCache
[2013/08/31 10:55:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/26 18:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Application Data\RealNetworks
[2013/08/26 18:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/08/26 18:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\RealNetworks
[2013/08/26 18:36:14 | 038,501,472 | ---- | C] (RealNetworks, Inc.) -- C:\Documents and Settings\mcinnis\My Documents\RealPlayerSetup.exe
[2013/08/20 17:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\VideoLAN
[2013/08/20 17:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcinnis\Application Data\Mozilla
[2013/08/18 13:30:19 | 000,000,000 | ---D | C] -- C:\Joeseph
[2013/08/17 09:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\iTunes
[2013/08/17 09:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/15 19:50:19 | 001,067,096 | ---- | C] (Solid State Networks) -- C:\Documents and Settings\mcinnis\My Documents\AdobeFlashPlayerActiveXSetup.exe
[2013/08/15 06:42:41 | 000,000,000 | ---D | C] -- C:\WINXP\System32\MRT
[2013/08/11 09:35:41 | 023,062,528 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\mcinnis\My Documents\WindowsInternetExplorerSetup.exe
[2013/08/06 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINXP\Application Data\VS Revo Group
[2 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/31 14:30:30 | 005,115,930 | R--- | M] (Swearware) -- C:\Documents and Settings\mcinnis\Desktop\ComboFix.exe
[2013/08/31 14:24:24 | 000,000,282 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/31 14:24:18 | 000,000,282 | ---- | M] () -- C:\WINXP\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/31 14:24:16 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/31 14:24:14 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2013/08/31 14:24:12 | 000,000,304 | ---- | M] () -- C:\WINXP\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/31 14:23:25 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2013/08/31 14:19:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcinnis\Desktop\OTL.exe
[2013/08/31 14:08:36 | 001,027,511 | ---- | M] (Thisisu) -- C:\Documents and Settings\mcinnis\Desktop\JRT.exe
[2013/08/31 12:55:15 | 000,000,826 | ---- | M] () -- C:\WINXP\tasks\Adobe Flash Player Updater.job
[2013/08/31 12:34:23 | 000,000,312 | ---- | M] () -- C:\WINXP\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/31 10:20:45 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\fusioncache.dat
[2013/08/31 10:07:45 | 018,101,344 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\mcinnis\My Documents\AdobeAIRSetup.exe
[2013/08/31 07:41:01 | 000,000,284 | ---- | M] () -- C:\WINXP\tasks\AppleSoftwareUpdate.job
[2013/08/31 07:24:49 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\The Times.url
[2013/08/31 07:20:59 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Facebook.url
[2013/08/30 06:23:03 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Monroe News Star.url
[2013/08/30 06:09:00 | 000,000,290 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/27 09:48:00 | 000,000,330 | ---- | M] () -- C:\WINXP\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-583907252-261478967-725345543-1003.job
[2013/08/26 18:44:37 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\RealPlayer.lnk
[2013/08/26 18:39:59 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINXP\System32\rmoc3260.dll
[2013/08/26 18:39:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINXP\System32\pndx5016.dll
[2013/08/26 18:39:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINXP\System32\pndx5032.dll
[2013/08/26 18:39:37 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINXP\System32\pncrt.dll
[2013/08/26 18:36:12 | 038,501,472 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\mcinnis\My Documents\RealPlayerSetup.exe
[2013/08/26 18:35:19 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Continue RealPlayer Free Download Installation.lnk
[2013/08/25 09:24:17 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Google.url
[2013/08/24 10:20:17 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\FREE Online Slot Machines!.url
[2013/08/22 21:42:45 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Channel 3 News.url
[2013/08/22 16:56:54 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\(3) Candy Crush Saga on Facebook.url
[2013/08/22 06:04:24 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Louisiana Lottery Corporation.url
[2013/08/20 17:46:17 | 023,008,542 | ---- | M] () -- C:\Documents and Settings\mcinnis\My Documents\VLCmediaplayerSetup.exe
[2013/08/18 19:07:21 | 000,066,029 | ---- | M] () -- C:\Documents and Settings\mcinnis\My Documents\August 2013 M&A.pdf
[2013/08/18 19:06:19 | 000,164,792 | ---- | M] () -- C:\Documents and Settings\mcinnis\My Documents\Activities report august 2013.pdf
[2013/08/18 18:46:46 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Lions Intl..url
[2013/08/18 12:35:29 | 000,000,027 | ---- | M] () -- C:\WINXP\System32\drivers\etc\hosts
[2013/08/18 10:41:31 | 023,062,528 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\mcinnis\My Documents\WindowsInternetExplorerSetup.exe
[2013/08/18 09:08:09 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Microsoft Office Outlook 2003.lnk
[2013/08/17 09:11:34 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\iTunes.lnk
[2013/08/15 19:52:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerApp.exe
[2013/08/15 19:52:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl
[2013/08/15 19:49:43 | 001,067,096 | ---- | M] (Solid State Networks) -- C:\Documents and Settings\mcinnis\My Documents\AdobeFlashPlayerActiveXSetup.exe
[2013/08/15 06:40:44 | 000,444,490 | ---- | M] () -- C:\WINXP\System32\perfh009.dat
[2013/08/15 06:40:44 | 000,072,622 | ---- | M] () -- C:\WINXP\System32\perfc009.dat
[2013/08/15 06:34:58 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Channel 12 News.url
[2013/08/03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wmvdecod.dll
[2013/08/02 17:14:58 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\mcinnis\Desktop\Microsoft Office Word 2003.lnk
[2 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ]
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/31 14:32:26 | 000,208,896 | ---- | C] () -- C:\WINXP\MBR.exe
[2013/08/31 14:32:26 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe
[2013/08/31 14:32:26 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe
[2013/08/31 14:32:26 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe
[2013/08/31 10:20:45 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\fusioncache.dat
[2013/08/26 18:44:37 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\RealPlayer.lnk
[2013/08/26 18:35:19 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\mcinnis\Desktop\Continue RealPlayer Free Download Installation.lnk
[2013/08/22 16:56:54 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\mcinnis\Desktop\(3) Candy Crush Saga on Facebook.url
[2013/08/20 17:46:21 | 023,008,542 | ---- | C] () -- C:\Documents and Settings\mcinnis\My Documents\VLCmediaplayerSetup.exe
[2013/08/18 19:07:21 | 000,066,029 | ---- | C] () -- C:\Documents and Settings\mcinnis\My Documents\August 2013 M&A.pdf
[2013/08/18 19:06:19 | 000,164,792 | ---- | C] () -- C:\Documents and Settings\mcinnis\My Documents\Activities report august 2013.pdf
[2013/08/17 09:11:34 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\iTunes.lnk
[2013/07/19 17:55:42 | 000,013,464 | ---- | C] () -- C:\WINXP\System32\drivers\SWDUMon.sys
[2013/05/03 21:28:05 | 000,256,000 | ---- | C] () -- C:\WINXP\PEV.exe
[2013/05/03 21:08:04 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\1.bmp
[2013/05/03 21:07:36 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\1.jpg
[2013/03/31 06:37:01 | 000,116,224 | ---- | C] () -- C:\WINXP\System32\pdfcmnnt.dll
[2012/09/30 17:52:59 | 000,000,527 | ---- | C] () -- C:\WINXP\ULEAD32.INI
[2012/08/10 16:12:18 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\dt.dat
[2012/06/17 16:02:37 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll
[2011/11/14 13:31:43 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat
[2011/01/10 14:54:01 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 18:44:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mcinnis\Local Settings\Application Data\PUTTY.RND
[2008/04/25 16:42:40 | 000,161,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== ZeroAccess Check ==========

[2010/06/08 14:03:32 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/03/09 23:33:41 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3500620AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: KODAK SD/MMC card USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 55.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 57576960
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/08/18 10:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\1O1L1I1PtF1F1C1N
[2011/12/07 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\9A33A
[2012/11/17 08:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Adobe
[2012/07/17 23:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Apple Computer
[2011/01/11 12:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\ArcSoft
[2013/07/03 16:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Atomic Alarm Clock 6
[2010/06/08 14:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Autodesk
[2012/01/12 14:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\AVG2012
[2012/10/01 19:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\AVG2013
[2012/08/24 17:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/19 05:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\DAEMON Tools Lite
[2012/11/10 14:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\dvdcss
[2013/03/30 18:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\encyclopediabritannicagamesbar
[2012/10/28 14:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FolderSync
[2012/07/13 22:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FreeBurner
[2013/03/31 11:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FreeFileViewer
[2011/12/10 09:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\FreeFixer
[2012/10/08 18:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Garmin
[2012/06/24 13:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Google
[2011/01/11 08:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\HP
[2010/06/03 14:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Identities
[2012/09/18 15:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Intelli-studio
[2010/06/08 13:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Macromedia
[2012/07/14 18:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Malwarebytes
[2012/09/28 12:40:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\mcinnis\Application Data\Microsoft
[2013/08/20 17:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Mozilla
[2012/10/25 20:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\OutlookSync
[2011/10/03 08:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\PDF Viewer
[2012/12/14 14:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Real
[2013/08/26 18:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\RealNetworks
[2012/12/01 17:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\SBG-SVG
[2013/07/22 20:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\ShopAtHome
[2011/03/31 08:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Sun
[2012/10/25 20:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Targus
[2012/10/01 19:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\TuneUp Software
[2011/01/18 17:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\U3
[2013/03/30 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\VisicomToolBar
[2013/06/17 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\vlc
[2010/12/22 11:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcinnis\Application Data\Yahoo!

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp2.cab:atapi.sys
[2010/06/03 15:50:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:atapi.sys
[2010/06/03 15:50:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINXP\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINXP\$NtServicePackUninstall$\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINXP\ServicePackFiles\i386\csrss.exe
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINXP\system32\csrss.exe
[2004/08/04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINXP\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINXP\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINXP\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINXP\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINXP\$NtServicePackUninstall$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINXP\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINXP\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINXP\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINXP\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINXP\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINXP\ERDNT\cache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINXP\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINXP\system32\mswsock.dll
[2008/04/14 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINXP\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINXP\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINXP\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINXP\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 07:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINXP\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINXP\system32\nwprovau.dll
[2004/08/04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINXP\$NtServicePackUninstall$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINXP\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/14 07:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINXP\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINXP\system32\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008/04/14 07:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll
[2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINXP\ServicePackFiles\i386\rsvpsp.dll
[2008/04/13 19:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINXP\system32\rsvpsp.dll
[2004/08/04 05:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\WINXP\$NtServicePackUninstall$\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINXP\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINXP\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINXP\ServicePackFiles\i386\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINXP\$NtServicePackUninstall$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINXP\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINXP\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINXP\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINXP\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINXP\$NtUninstallKB956572_0$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINXP\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINXP\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINXP\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINXP\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2008/04/14 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINXP\ERDNT\cache\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINXP\ServicePackFiles\i386\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINXP\system32\user32.dll
[2004/08/04 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINXP\$NtServicePackUninstall$\user32.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINXP\$NtServicePackUninstall$\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINXP\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINXP\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINXP\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINXP\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINXP\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINXP\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINXP\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINXP\$NtServicePackUninstall$\winrnr.dll
[2008/04/14 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINXP\ServicePackFiles\i386\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINXP\system32\winrnr.dll

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 9A33-AF76
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/15/2009 03:59 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/15/2009 03:59 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINXP\assembly\GAC_32\System.EnterpriseServices
08/15/2013 06:40 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINXP\assembly\GAC_MSIL\IEExecRemote
08/15/2013 06:40 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 446,022,090,752 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINXP\system32\ie4uinit.exe" -reinstall [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -hide [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -show [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINXP\system32\ie4uinit.exe" -reinstall [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -hide [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINXP\system32\ie4uinit.exe" -show [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINXP\system32\*.tmp files -> C:\WINXP\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/13 19:12:17 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2008/04/14 07:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 06:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 07:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 06:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >

OTL Extras logfile created on: 8/31/2013 2:48:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mcinnis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.31% Memory free
3.84 Gb Paging File | 3.28 Gb Available in Paging File | 85.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 465.71 Gb Total Space | 415.42 Gb Free Space | 89.20% Space Free | Partition Type: NTFS

Computer Name: TOMMYSDELL | User Name: mcinnis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINXP\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINXP\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINXP\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINXP\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINXP\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINXP\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINXP\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINXP\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINXP\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINXP\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINXP\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINXP\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINXP\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINXP\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = DWGTrueViewScriptFile] -- C:\WINXP\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINXP\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINXP\system32\rundll32.exe" "C:\WINXP\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINXP\system32\rundll32.exe" "C:\WINXP\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINXP\system32\rundll32.exe" "C:\WINXP\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\mcinnis\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\mcinnis\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)
"C:\Program Files\File Type Assistant\TSAssist.exe" = C:\Program Files\File Type Assistant\TSAssist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAD36D74-C78A-4753-84DB-13FBB4FEA65C}" = PhotoStudio Expressions
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DWG TrueView 2011" = DWG TrueView 2011
"Free File Opener_is1" = Free File Opener v2011.7.0.1
"FreeFileViewer_is1" = Free File Viewer 2012
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Viewer" = PDF Viewer 0.1
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 16.0" = RealPlayer
"ShopAtHome.com Helper" = ShopAtHome.com Helper
"TPSBCP3_is1" = The Print Shop Business - Business Cards Premier 3.0.0.0
"Trusted Software Assistant_is1" = File Type Assistant
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"VLC media player" = VLC media player 2.0.8
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe AIR Free Download Packages" = Adobe AIR Free Download Packages
"Google Earth Free Download Packages" = Google Earth Free Download Packages
"VLC media player Free Download Packages" = VLC media player Free Download Packages
"Windows Internet Explorer Free Download Packages" = Windows Internet Explorer Free Download Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2013 11:41:16 AM | Computer Name = TOMMYSDELL | Source = CltMngSvc | ID = 1000
Description =

Error - 8/31/2013 11:56:04 AM | Computer Name = TOMMYSDELL | Source = CltMngSvc | ID = 1000
Description =

Error - 8/31/2013 1:08:16 PM | Computer Name = TOMMYSDELL | Source = NativeWrapper | ID = 5000
Description =

Error - 8/31/2013 2:58:24 PM | Computer Name = TOMMYSDELL | Source = MsiInstaller | ID = 11706
Description =

Error - 8/31/2013 2:58:25 PM | Computer Name = TOMMYSDELL | Source = MsiInstaller | ID = 1023
Description =

Error - 8/31/2013 2:58:26 PM | Computer Name = TOMMYSDELL | Source = NativeWrapper | ID = 5000
Description =

Error - 8/31/2013 3:38:27 PM | Computer Name = TOMMYSDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/31/2013 3:38:27 PM | Computer Name = TOMMYSDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This network connection does not exist.

Error - 8/31/2013 3:38:27 PM | Computer Name = TOMMYSDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This network connection does not exist.

Error - 8/31/2013 3:38:27 PM | Computer Name = TOMMYSDELL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 8/31/2013 2:56:07 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7000
Description = The MOBCleanup service failed to start due to the following error:
%%2

Error - 8/31/2013 2:56:07 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 8/31/2013 2:56:07 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 8/31/2013 2:59:31 PM | Computer Name = TOMMYSDELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error - 8/31/2013 3:09:52 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7034
Description = The Search Protect by Conduit Updater service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/31/2013 3:23:53 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7000
Description = The HitmanPro 3.7 Crusader (Boot) service failed to start due to the
following error: %%3

Error - 8/31/2013 3:23:53 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7000
Description = The MOBCleanup service failed to start due to the following error:
%%2

Error - 8/31/2013 3:23:53 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 8/31/2013 3:23:53 PM | Computer Name = TOMMYSDELL | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 8/31/2013 3:24:23 PM | Computer Name = TOMMYSDELL | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.


< End of report >


Process Explorer

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 99.22 0 K 28 K 0
Interrupts 0.78 0 K 0 K n/a Hardware Interrupts and DPCs
wuauclt.exe 2,232 K 4,132 K 2456 Windows Update Microsoft Corporation
wscntfy.exe 500 K 2,088 K 2388 Windows Security Center Notification App Microsoft Corporation
wmiprvse.exe 1,948 K 5,008 K 908 WMI Microsoft Corporation
winlogon.exe 6,536 K 2,984 K 952 Windows NT Logon Application Microsoft Corporation
updateWebConnect.exe 15,344 K 15,304 K 2232
System 0 K 388 K 4
svchost.exe 3,196 K 5,196 K 1196 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,948 K 4,592 K 1264 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 14,320 K 25,132 K 1360 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,360 K 3,660 K 1484 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,588 K 4,056 K 1524 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1,328 K 3,852 K 1836 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2,988 K 5,784 K 592 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2,656 K 4,744 K 2180 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 5,688 K 7,532 K 1704 Spooler SubSystem App Microsoft Corporation
smss.exe 176 K 436 K 660 Windows NT Session Manager Microsoft Corporation
services.exe 3,712 K 6,884 K 996 Services and Controller app Microsoft Corporation
RTHDCPL.EXE 22,520 K 21,804 K 3680 Realtek HD Audio Control Panel Realtek Semiconductor Corp.
rndlresolversvc.exe 656 K 2,364 K 2092
realsched.exe 928 K 248 K 3820 RealNetworks Scheduler RealNetworks, Inc.
procexp.exe 12,408 K 17,656 K 2428 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mDNSResponder.exe 964 K 3,020 K 2000 Bonjour Service Apple Inc.
MDM.EXE 952 K 2,928 K 176 Machine Debug Manager Microsoft Corporation
McciCMService.exe 1,992 K 4,044 K 1584 mcci+McciCMService Alcatel-Lucent
lsass.exe 3,964 K 992 K 1008 LSA Shell (Export Version) Microsoft Corporation
jusched.exe 820 K 2,920 K 3768 Java™ Update Scheduler Oracle Corporation
jqs.exe 2,268 K 1,460 K 1408 Java Quick Starter Service Oracle Corporation
iTunesHelper.exe 11,132 K 15,468 K 3800 iTunesHelper Apple Inc.
iPodService.exe 2,472 K 4,156 K 2332 iPodService Module (32-bit) Apple Inc.
igfxtray.exe 916 K 3,360 K 3588 igfxTray Module Intel Corporation
igfxsrvc.exe 976 K 3,072 K 3736 igfxsrvc Module Intel Corporation
igfxpers.exe 660 K 2,712 K 3616 persistence Module Intel Corporation
hkcmd.exe 908 K 3,352 K 3604 hkcmd Module Intel Corporation
GoogleUpdate.exe 3,608 K 1,948 K 536 Google Installer Google Inc.
GoogleCrashHandler.exe 1,876 K 552 K 1220 Google Crash Handler Google Inc.
explorer.exe 26,612 K 37,152 K 3324 Windows Explorer Microsoft Corporation
EKIJ5000MUI.exe 1,648 K 4,144 K 3708 Status Monitor for KODAK AiO Printer (32-Bit Intel® Pentium™ 4 Optimized Build) Eastman Kodak Company
csrss.exe 1,844 K 5,180 K 928 Client Server Runtime Process Microsoft Corporation
avgwdsvc.exe 6,212 K 14,700 K 1968 AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgui.exe 4,152 K 9,268 K 3740 AVG User Interface AVG Technologies CZ, s.r.o.
AppleMobileDeviceService.exe 10,312 K 14,020 K 1892 MobileDeviceService Apple Inc.
alg.exe 1,192 K 3,636 K 2576 Application Layer Gateway Service Microsoft Corporation
ACService.exe 788 K 2,456 K 1876 ArcSoft Connect Service ArcSoft Inc.
ACDaemon.exe 1,552 K 4,752 K 3700 ArcSoft Connect Daemon ArcSoft Inc.






#11
tjmcs (Member, Topic Starter, 329 posts)
Is Speccy supposed to be this long?

joe



#12
tjmcs (Member, Topic Starter, 329 posts)
Event Viewer logs

Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/08/2013 5:38:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/08/2013 5:21:20 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 31/08/2013 5:21:20 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 31/08/2013 5:21:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MOBCleanup service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 31/08/2013 5:21:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 31/08/2013 5:38:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


joe



#13
RKinner (Malware Expert, MVP, 24,625 posts)
Copy the text in the code box by highlighting it and pressing Ctrl + C


:OTL
SRV - File not found [Auto | Stopped] -- C:\WINXP\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINXP\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINXP\TEMP\MOBCleanup.exe -- (MOBCleanup)
SRV - File not found [Auto | Stopped] -- F:\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot)
DRV - File not found [Kernel | System | Stopped] -- C:\WINXP\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\mcinnis\LOCALS~1\Temp\catchme.sys -- (catchme)
SafeBootMin: hitmanpro37 - Reg Error: Value error.
SafeBootMin: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin: HitmanPro37Crusader - Reg Error: Value error.
SafeBootMin: HitmanPro37CrusaderBoot - F:\HitmanPro.exe /crusader:boot File not found
SafeBootMin: MCODS - 
SafeBootNet: hitmanpro37 - Reg Error: Value error.
SafeBootNet: hitmanpro37.sys - Reg Error: Value error.
SafeBootNet: HitmanPro37Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro37CrusaderBoot - F:\HitmanPro.exe /crusader:boot File not found
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS -
SafeBootNet: mfefire - Driver
SafeBootNet: mfefirek - Driver
SafeBootNet: mfefirek.sys - Driver
SafeBootNet: mfehidk - Driver
SafeBootNet: mfehidk.sys - Driver
SafeBootNet: mfevtp - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then double-click OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT the QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Copy the text in the code box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.



Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.

2. Double-click VEW.exe.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Click the Run button.

Notepad will open with the output log.

Please post the output log in your next reply, then repeat but select Application.

How is it running now?
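The fix block in the post above was assembled by hand from the OTL log's "File not found" service and driver lines and the broken SafeBoot entries. As an added example (not OTL's own code and not from RKinner's post), the Python below makes that selection mechanically over lines copied from the log in this thread, decodes the %%N placeholders that OTL leaves in the Service Control Manager errors into the Win32 messages VEW printed in post #12, and cross-references the two by normalized service name. Assumptions: the AVG service line is constructed so the filter has something it must leave alone; the ("mfe", "mc") prefixes are taken from the remark later in the thread that the SafeBoot leftovers are McAfee residue; and WIN32_ERRORS holds only the three codes this log contains.

```python
"""Added example: pick the orphaned service/driver registrations out of an
OTL log, decode the Service Control Manager errors that go with them, and
emit an ':OTL' fix block like the one posted above."""
import re

# Copied from the OTL log in this thread, except the AVG line (constructed),
# which is present on disk and must NOT be selected.
OTL_LINES = [
    "SRV - File not found [Auto | Stopped] -- C:\\WINXP\\system32\\HPZipm12.dll -- (Pml Driver HPZ12)",
    "SRV - File not found [Auto | Stopped] -- C:\\WINXP\\system32\\HPZinw12.dll -- (Net Driver HPZ12)",
    "SRV - File not found [Auto | Stopped] -- C:\\WINXP\\TEMP\\MOBCleanup.exe -- (MOBCleanup)",
    "SRV - File not found [Auto | Stopped] -- F:\\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot)",
    "DRV - File not found [Kernel | On_Demand | Running] -- C:\\DOCUME~1\\mcinnis\\LOCALS~1\\Temp\\catchme.sys -- (catchme)",
    "SRV - [2013/08/20 10:00:00 | 000,300,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files\\AVG\\AVG2013\\avgwdsvc.exe -- (avgwd)",  # constructed
    "SafeBootMin: hitmanpro37 - Reg Error: Value error.",
    "SafeBootNet: HitmanPro37CrusaderBoot - F:\\HitmanPro.exe /crusader:boot File not found",
    "SafeBootNet: mfefire - Driver",
    "SafeBootNet: MCODS - ",
]

# SCM 7000/7023 errors as OTL prints them: the %%N placeholders are raw
# Win32 error codes that OTL does not expand (VEW shows the same events
# with the text filled in). Copied from the log above.
EVENT_LINES = [
    "Description = The MOBCleanup service failed to start due to the following error:",
    "%%2",
    "Description = The Net Driver HPZ12 service terminated with the following error:",
    "%%126",
    "Description = The HitmanPro 3.7 Crusader (Boot) service failed to start due to the",
    "following error: %%3",
]

WIN32_ERRORS = {  # only the codes this log contains
    2: "The system cannot find the file specified.",
    3: "The system cannot find the path specified.",
    126: "The specified module could not be found.",
}

ENTRY_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]+)\] -- "
                      r"(?P<path>.+?) -- \((?P<name>[^)]+)\)$")
SAFEBOOT_RE = re.compile(r"^(?P<key>SafeBootMin|SafeBootNet): (?P<name>\S+) -\s*(?P<value>.*)$")
SCM_RE = re.compile(r"The (.+?) service (?:failed to start|terminated)[^%]*?%%(\d+)")


def _norm(name):
    """Event-log display names and registry key names differ only in
    spacing and punctuation ('HitmanPro 3.7 Crusader (Boot)' vs
    'HitmanPro37CrusaderBoot'), so compare on letters and digits only."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def find_orphans(lines, stale_prefixes=()):
    """OTL lines whose registration points at a binary that is gone, plus
    SafeBoot entries that are broken or whose name starts with a prefix of a
    product known to be uninstalled (the caller supplies those prefixes)."""
    stale = tuple(p.lower() for p in stale_prefixes)
    orphans = []
    for line in (l.rstrip() for l in lines):
        if ENTRY_RE.match(line):
            orphans.append(line)  # 'Running' + missing file also qualifies: image deleted after load
            continue
        m = SAFEBOOT_RE.match(line)
        if m and ("Reg Error" in m["value"]
                  or m["value"].endswith("File not found")
                  or m["name"].lower().startswith(stale)):
            orphans.append(line)
    return orphans


def decode_scm_errors(event_lines):
    """[(display name, code, message)] for each SCM error; OTL wraps the
    description across lines, so join before matching."""
    text = " ".join(l.strip() for l in event_lines)
    return [(name, int(code), WIN32_ERRORS.get(int(code), "unknown Win32 error"))
            for name, code in SCM_RE.findall(text)]


def correlate(orphans, errors):
    """Map each failing service in the event log to the OTL line that
    registers it, or None when no orphan line explains the event."""
    by_name = {_norm(m["name"]): line
               for line in orphans for m in [ENTRY_RE.match(line)] if m}
    return {name: by_name.get(_norm(name)) for name, _, _ in errors}


def build_fix(orphans, commands=("EMPTYFLASH", "EMPTYJAVA", "purity", "Reboot")):
    """The ':OTL' / ':Commands' layout OTL expects in its Custom Scans/Fixes box."""
    return "\n".join([":OTL", *orphans, "", ":Commands", *[f"[{c}]" for c in commands]])


if __name__ == "__main__":
    found = find_orphans(OTL_LINES, stale_prefixes=("mfe", "mc"))  # McAfee leftovers (assumed)
    errors = decode_scm_errors(EVENT_LINES)
    for name, code, text in errors:
        print(f"event: {name}: %%{code} = {text}")
    for name, line in correlate(found, errors).items():
        print(f"explains: {name} -> {line or 'no orphan line found'}")
    print(build_fix(found))
```

Two caveats the code makes visible. The catchme driver is reported as Running although its file is gone: anti-rootkit tools such as the ones run earlier in this thread load a driver from %TEMP% and delete the image afterwards, so the registration is residue and safe to drop, but a Running driver with a missing file that you cannot account for deserves a closer look rather than a blind fix line. And a service whose binary is present but unsigned or odd does not match ENTRY_RE and is deliberately left alone; the generated block is a starting point for the analyst to review, not something to paste into OTL unread.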

#14
tjmcs (Member, Topic Starter, 329 posts)
Dad told me of a marked increase in internet speed with what was done Saturday. I will try to do next step sometime Monday.

joe

#15
RKinner (Malware Expert, MVP, 24,625 posts)
These changes will mostly make it boot faster, removing some McAfee and HitMan residue.

If you are providing remote support for your dad then you might want to install TeamViewer on his PC next time you are there. It's a great little free program that will let you log on to his PC from your PC anytime you want. http://www.teamviewe...m/en/index.aspx