Slow; blue screens/dumps; TCP/IP security limits reached... [Solved]



#1
shelovestomuse

Howdy!

My computer's been very sluggish for a while. I use Microsoft Security Essentials and scan regularly. Twice now it's gone to the blue screen "dump" message, the most recent being a little over an hour ago.

The event viewer gives this message:

"The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xbf862272, 0xa9fc5ae4, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini092013-01.dmp."

Also found this message in the Event Viewer:

"The Remote Access Connection Manager service entered the running state."

Not sure if that's significant. I don't have the box for "Allow users to connect remotely to this computer" checked.

Additionally, this message appears twice in the Event Viewer from yesterday, four times the day before (9/17):

"TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts."

I'm currently running a full scan with MSE.

I'll greatly appreciate your help. :)


Here is the log from OTL:



OTL logfile created on: 9/20/2013 7:41:57 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Charlotte Watson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 147.23 Mb Available Physical Memory | 14.51% Memory free
2.38 Gb Paging File | 1.33 Gb Available in Paging File | 55.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 36.36 Gb Free Space | 48.83% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Charlotte Watson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/20 07:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
PRC - [2013/09/16 22:21:30 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 20:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/13 19:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/16 22:21:27 | 000,410,576 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppgooglenaclpluginchrome.dll
MOD - [2013/09/16 22:21:26 | 013,611,984 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
MOD - [2013/09/16 22:21:25 | 004,053,456 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll
MOD - [2013/09/16 22:20:31 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
MOD - [2013/07/06 15:02:56 | 004,591,616 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/07/06 15:02:56 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/04/14 19:40:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcfcoms.exe -- (dlcf_device)
SRV - [2013/09/20 07:40:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/08/10 16:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\[email protected] -- (Pcmcia)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/22 17:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/08 17:35:14 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/28 05:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2004/01/28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SilvrLnk.sys -- (SilverLink)
DRV - [2002/06/21 18:42:50 | 000,008,224 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070417
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000019b96ab8a5
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{002AA7F1-4780-4572-9271-D6FA743736E7}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000019b96ab8a5
IE - HKCU\..\SearchScopes\{6609D29C-A472-4B41-868D-D99E142C3B4F}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....q={searchTerms}
IE - HKCU\..\SearchScopes\{D653D0BB-FE18-4FE4-B01F-327C206104D7}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...000019b96ab8a5"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:7
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..keyword.URL: "http://search.babylo...019b96ab8a5&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks [2010/01/27 08:45:35 | 000,000,000 | ---D | M]

[2009/09/15 19:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Extensions
[2012/09/28 09:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default\extensions
[2012/09/28 09:54:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default\extensions\[email protected]
[2010/01/27 08:45:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CHARLOTTE WATSON\APPLICATION DATA\MOVE NETWORKS
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.babylo...0000019b96ab8a5
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Java™ Platform SE 6 U37 (Disabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Disabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/10/10 17:54:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Charlotte Watson\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: avg.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jamesavery.com ([secure] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: tamu.edu ([email] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tamu.edu ([library.tamu.edu.ezproxy] http in Trusted sites)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab (iCC Class)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD96F354-BF97-44D8-80D8-DC4D5D76EA91}: DhcpNameServer = 192.168.1.1 68.238.96.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/20 07:41:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
[2013/08/29 23:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/08/29 23:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/29 23:29:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/29 23:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/24 14:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Temp

========== Files - Modified Within 30 Days ==========

[2013/09/20 07:47:05 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005UA.job
[2013/09/20 07:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
[2013/09/20 07:40:29 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/20 07:13:58 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/20 07:04:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/20 07:03:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/20 07:03:44 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 06:40:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/09/19 18:55:24 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/19 18:55:23 | 000,002,365 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Google Chrome.lnk
[2013/09/18 13:47:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005Core.job
[2013/09/14 09:43:12 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Microsoft Word.lnk
[2013/09/11 16:03:01 | 000,112,402 | ---- | M] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Ladies of TABC.pdf
[2013/09/11 15:54:09 | 000,205,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/11 07:07:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/05 22:45:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/29 23:31:38 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2013/09/11 16:02:56 | 000,112,402 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Desktop\Ladies of TABC.pdf
[2013/08/29 23:31:38 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/04/22 17:48:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2013/04/14 19:40:48 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2013/04/14 19:40:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/09/03 22:07:04 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\dt.dat
[2012/02/25 00:09:59 | 001,424,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2447034510-1578476889-3553571194-1005-0.dat
[2012/02/24 13:07:05 | 000,184,058 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/24 12:57:55 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 07:54:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/27 14:47:29 | 000,007,052 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/04/30 17:48:49 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
[2009/01/26 08:38:35 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\fusioncache.dat
[2008/03/05 18:34:20 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\webct_upload_applet.properties
[2007/10/19 15:17:14 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/10 12:45:35 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Charlotte Watson\Application Data\lp.xml
[2007/04/17 20:11:23 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/29 23:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/19 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1(2)
[2013/06/19 11:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/09/28 09:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/08/20 10:51:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/27 11:10:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/03/03 21:52:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/02/27 11:10:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/02/27 11:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2012/03/03 22:02:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/02/27 11:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/04/30 11:13:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/01/24 20:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2013/06/19 11:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/09/28 08:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/04/22 17:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2013/06/19 12:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/02/04 19:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2013/08/22 06:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/18 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/25 13:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/13 18:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/09/28 09:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Babylon
[2012/03/03 22:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Canon
[2012/02/27 11:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Canon Easy-WebPrint EX
[2012/07/28 20:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\CoreFTP
[2011/11/19 17:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\ElevatedDiagnostics
[2010/03/05 18:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\IrfanView
[2013/04/22 17:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\pdf995
[2013/02/04 19:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\TaxCut
[2010/08/09 15:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlotte Watson\Application Data\Uniblue

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/05/11 09:34:26 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?A) -- C:\WINDOWS\System32\竸Ă
[2011/05/11 09:34:26 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?A) -- C:\WINDOWS\System32\竸Ă

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello shelovestomuse,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. The 32-bit one will be the right version for your machine.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

#3
shelovestomuse

    Member

  • Topic Starter
  • 121 posts
Thank you, Emerald. Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013 01
Ran by Charlotte Watson (administrator) on LAPTOP on 23-09-2013 18:39:51
Running from C:\Documents and Settings\Charlotte Watson\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Windows\stsystra.exe [282624 2006-03-24] (SigmaTel, Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-11-27] (Google Inc.)
HKU\Administrator\...\RunOnce: [spchecker] - "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\Default User\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netWaiting.exe [ 2003-09-10] ()
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000019b96ab8a5
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg....q={searchTerms}
SearchScopes: HKCU - {002AA7F1-4780-4572-9271-D6FA743736E7} URL = http://search.avg.co...e}&iy=&ychte=us
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...0000019b96ab8a5
SearchScopes: HKCU - {6609D29C-A472-4B41-868D-D99E142C3B4F} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg....q={searchTerms}
SearchScopes: HKCU - {D653D0BB-FE18-4FE4-B01F-327C206104D7} URL = http://search.yahoo....p={SearchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.96.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default
FF user.js: detected! => C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=NT_ss&mntrId=e4c075f80000000000000019b96ab8a5
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF Homepage: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=HP_ss&mntrId=e4c075f80000000000000019b96ab8a5
FF Keyword.URL: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=KW_ss&mntrId=e4c075f80000000000000019b96ab8a5&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYVerInfo.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Babylon - C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default\Extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks

Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=HP_ss&mntrId=e4c075f80000000000000019b96ab8a5
CHR RestoreOnStartup: "https://www.facebook.com/", "https://mail.google..../?shva=1#inbox", "hxxp://us.mg205.mail.yahoo.com/neo/launch?.partner=vz-acs&.rand=1d2a80rs53hsc", "hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1", "hxxp://collegestation.craigslist.org/", "hxxp://www.shopgoodwill.com/", "hxxp://forecast.weather.gov/MapClick.php?CityName=College+Station&state=TX&site=HGX&lat=30.6005&lon=-96.3124", "hxxp://www.weather.com/weather/monthly/USTX1439", "hxxp://pinterest.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.)
S3 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-22] (Dell Inc.)
S3 dlcf_device; C:\WINDOWS\system32\dlcfcoms.exe -service [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2006-11-22] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1364574 2005-12-13] (Intel Corporation)
R2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8224 2002-06-21] (MicroStaff Co.,Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl4fe5a980; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07C460B-9EE7-4AE4-9BF6-858ACA066991}\MpKsl4fe5a980.sys [40392 2013-09-23] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-10] (Microsoft Corporation)
R0 Pcmcia; C:\Windows\System32\DRIVERS\[email protected] [120192 2008-04-13] (Microsoft Corporation)
S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.)
S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S3 AVGIDSFilter; system32\DRIVERS\avgidsfilterx.sys [x]
S4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-23 18:39 - 2013-09-23 18:39 - 00000000 ___DC C:\FRST
2013-09-23 18:34 - 2013-09-23 18:35 - 01088385 _____ (Farbar) C:\Documents and Settings\Charlotte Watson\Desktop\FRST.exe
2013-09-20 13:13 - 2013-09-20 13:13 - 00259584 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTH.exe
2013-09-20 07:50 - 2013-09-20 07:50 - 00079580 _____ C:\Documents and Settings\Charlotte Watson\Desktop\OTL.Txt
2013-09-20 07:41 - 2013-09-20 07:41 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
2013-09-20 07:03 - 2013-09-20 07:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini092013-01.dmp
2013-09-11 07:08 - 2013-09-11 07:08 - 00012239 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 06:14 - 2013-09-11 07:07 - 00010435 _____ C:\WINDOWS\KB2876315.log
2013-09-11 06:14 - 2013-09-11 07:07 - 00009438 _____ C:\WINDOWS\KB2876217.log
2013-09-11 06:13 - 2013-09-11 07:07 - 00009390 _____ C:\WINDOWS\KB2864063.log
2013-08-29 23:31 - 2013-08-29 23:31 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-08-29 23:31 - 2013-08-29 23:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-08-29 23:29 - 2013-08-29 23:31 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 23:29 - 2013-08-29 23:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-29 23:29 - 2013-08-29 23:29 - 00000000 ____D C:\Program Files\iPod
2013-08-28 07:01 - 2013-08-28 07:01 - 00004164 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 07:01 - 2013-08-28 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

==================== One Month Modified Files and Folders =======

2013-09-23 18:39 - 2013-09-23 18:39 - 00000000 ___DC C:\FRST
2013-09-23 18:39 - 2012-04-28 17:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-23 18:37 - 2008-06-21 09:52 - 00000645 _____ C:\WINDOWS\wiadebug.log
2013-09-23 18:37 - 2007-04-24 09:08 - 00002483 _____ C:\Documents and Settings\Charlotte Watson\Desktop\Microsoft Word.lnk
2013-09-23 18:35 - 2013-09-23 18:34 - 01088385 _____ (Farbar) C:\Documents and Settings\Charlotte Watson\Desktop\FRST.exe
2013-09-23 17:47 - 2011-11-27 08:52 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005UA.job
2013-09-23 17:31 - 2010-12-30 19:44 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Briana
2013-09-23 16:24 - 2007-10-19 15:17 - 00084992 _____ C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 13:47 - 2011-11-27 08:52 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005Core.job
2013-09-23 10:23 - 2004-08-11 17:13 - 01504381 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-23 10:10 - 2013-07-10 23:38 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-09-23 09:03 - 2012-07-24 19:45 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\SP
2013-09-23 07:18 - 2008-06-21 09:52 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-23 07:18 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-23 07:17 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-22 22:41 - 2004-08-11 17:20 - 00032382 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-22 22:40 - 2007-04-23 17:22 - 00000278 ___SH C:\Documents and Settings\Charlotte Watson\ntuser.ini
2013-09-20 13:37 - 2007-04-23 17:22 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Start Menu\Programs\Accessories
2013-09-20 13:31 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2013-09-20 13:13 - 2013-09-20 13:13 - 00259584 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTH.exe
2013-09-20 12:56 - 2004-08-11 17:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-09-20 07:50 - 2013-09-20 07:50 - 00079580 _____ C:\Documents and Settings\Charlotte Watson\Desktop\OTL.Txt
2013-09-20 07:41 - 2013-09-20 07:41 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
2013-09-20 07:40 - 2012-04-28 17:21 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-20 07:40 - 2011-06-14 07:02 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-20 07:03 - 2013-09-20 07:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini092013-01.dmp
2013-09-20 07:03 - 2007-06-04 06:54 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-20 06:40 - 2011-11-15 07:40 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2013-09-19 18:55 - 2011-11-27 09:01 - 00002365 _____ C:\Documents and Settings\Charlotte Watson\Desktop\Google Chrome.lnk
2013-09-17 08:53 - 2007-11-05 07:49 - 00000000 ___SD C:\Documents and Settings\Charlotte Watson\My Documents\My Data Sources
2013-09-14 10:50 - 2012-02-07 11:53 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Sergio
2013-09-11 15:59 - 2012-05-16 21:10 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-09-11 15:58 - 2007-05-02 09:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-11 15:54 - 2004-08-11 17:06 - 00205712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-11 07:08 - 2013-09-11 07:08 - 00012239 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 07:08 - 2011-06-16 08:11 - 00063441 _____ C:\WINDOWS\updspapi.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00845862 _____ C:\WINDOWS\iis6.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00785128 _____ C:\WINDOWS\FaxSetup.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00381930 _____ C:\WINDOWS\ocgen.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00360045 _____ C:\WINDOWS\tsoc.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00261403 _____ C:\WINDOWS\comsetup.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00238804 _____ C:\WINDOWS\msmqinst.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00158641 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00138050 _____ C:\WINDOWS\netfxocm.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00054269 _____ C:\WINDOWS\MedCtrOC.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00043707 _____ C:\WINDOWS\ocmsn.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00039497 _____ C:\WINDOWS\tabletoc.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00039413 _____ C:\WINDOWS\msgsocm.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 07:07 - 2013-09-11 06:14 - 00010435 _____ C:\WINDOWS\KB2876315.log
2013-09-11 07:07 - 2013-09-11 06:14 - 00009438 _____ C:\WINDOWS\KB2876217.log
2013-09-11 07:07 - 2013-09-11 06:13 - 00009390 _____ C:\WINDOWS\KB2864063.log
2013-09-11 07:07 - 2008-10-24 07:00 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-11 07:04 - 2013-07-25 22:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-11 07:01 - 2007-05-01 18:33 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-05 22:45 - 2011-07-06 13:11 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-04 18:44 - 2009-08-22 09:51 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Spanish Homeschool
2013-08-29 23:31 - 2013-08-29 23:31 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-08-29 23:31 - 2013-08-29 23:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-08-29 23:31 - 2013-08-29 23:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 23:31 - 2013-08-29 23:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-29 23:29 - 2013-08-29 23:29 - 00000000 ____D C:\Program Files\iPod
2013-08-29 23:29 - 2009-04-13 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-28 07:01 - 2013-08-28 07:01 - 00004164 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 07:01 - 2013-08-28 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-24 13:14 - 2011-09-19 13:55 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Bryan_School

Some content of TEMP:
====================
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\APNStub.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\avguidx.dll
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u32-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\MachineIdCreator.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\MSETUP4.EXE
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{00F11739-2AC4-460C-AB05-639F96C4E1E8}.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{1110CFFC-E865-47CC-B7B6-20371392442F}.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{297AC320-59A7-49F4-8939-C97F9F6E25C7}.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{B5CB959E-4436-4C9A-B9CD-1AE010078DD3}.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Additional Log follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013 01
Ran by Charlotte Watson at 2013-09-23 18:41:55
Running from C:\Documents and Settings\Charlotte Watson\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Core FTP LE 2.1
Google Chrome (HKCU Version: 29.0.1547.76)
H&R Block Deluxe + Efile 2012 (Version: 12.04.7803)
IrfanView (remove only) (Version: 4.32)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 14.0.8089.726)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
Move Media Player
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
QuickTime (Version: 7.74.80.86)
Safari (Version: 5.34.52.7)
Segoe UI (Version: 14.0.4327.805)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows PowerShell™ 1.0 (Version: 2)

==================== Restore Points =========================

23-07-2013 11:51:39 Software Distribution Service 3.0
24-07-2013 13:00:00 Software Distribution Service 3.0
25-07-2013 14:02:21 System Checkpoint
26-07-2013 03:57:36 Software Distribution Service 3.0
26-07-2013 15:18:26 Software Distribution Service 3.0
27-07-2013 15:19:05 System Checkpoint
28-07-2013 13:11:09 Software Distribution Service 3.0
29-07-2013 13:27:12 Software Distribution Service 3.0
29-07-2013 14:33:52 Software Distribution Service 3.0
30-07-2013 14:51:35 Software Distribution Service 3.0
31-07-2013 23:05:21 System Checkpoint
01-08-2013 14:51:03 Software Distribution Service 3.0
02-08-2013 22:09:45 System Checkpoint
03-08-2013 11:51:21 Software Distribution Service 3.0
04-08-2013 14:08:06 Software Distribution Service 3.0
05-08-2013 14:49:22 Software Distribution Service 3.0
06-08-2013 23:54:56 System Checkpoint
07-08-2013 13:24:19 Software Distribution Service 3.0
08-08-2013 22:03:35 System Checkpoint
09-08-2013 12:25:13 Software Distribution Service 3.0
10-08-2013 12:36:59 Software Distribution Service 3.0
11-08-2013 14:00:44 Software Distribution Service 3.0
12-08-2013 15:22:54 Software Distribution Service 3.0
14-08-2013 01:11:11 System Checkpoint
14-08-2013 12:37:29 Software Distribution Service 3.0
14-08-2013 12:52:26 Software Distribution Service 3.0
15-08-2013 20:21:47 Software Distribution Service 3.0
16-08-2013 22:18:44 System Checkpoint
17-08-2013 11:57:52 Software Distribution Service 3.0
18-08-2013 13:31:47 Software Distribution Service 3.0
19-08-2013 14:56:23 Software Distribution Service 3.0
20-08-2013 20:21:31 Software Distribution Service 3.0
21-08-2013 23:29:01 System Checkpoint
22-08-2013 11:02:35 Software Distribution Service 3.0
23-08-2013 15:10:22 System Checkpoint
24-08-2013 14:07:33 Software Distribution Service 3.0
25-08-2013 14:22:05 System Checkpoint
26-08-2013 12:15:43 Software Distribution Service 3.0
26-08-2013 15:20:59 Software Distribution Service 3.0
27-08-2013 21:37:28 System Checkpoint
28-08-2013 11:58:10 Software Distribution Service 3.0
28-08-2013 12:01:14 Software Distribution Service 3.0
29-08-2013 23:25:36 Software Distribution Service 3.0
31-08-2013 13:39:02 Software Distribution Service 3.0
01-09-2013 13:43:25 Software Distribution Service 3.0
02-09-2013 13:48:27 Software Distribution Service 3.0
02-09-2013 15:18:16 Software Distribution Service 3.0
03-09-2013 21:43:54 System Checkpoint
04-09-2013 12:19:08 Software Distribution Service 3.0
05-09-2013 13:04:33 Software Distribution Service 3.0
05-09-2013 23:43:24 Software Distribution Service 3.0
06-09-2013 23:58:14 System Checkpoint
07-09-2013 11:22:18 Software Distribution Service 3.0
08-09-2013 13:28:28 System Checkpoint
09-09-2013 11:18:31 Software Distribution Service 3.0
09-09-2013 15:24:53 Software Distribution Service 3.0
10-09-2013 21:05:58 System Checkpoint
11-09-2013 11:17:49 Software Distribution Service 3.0
11-09-2013 12:00:25 Software Distribution Service 3.0
12-09-2013 10:40:23 Software Distribution Service 3.0
12-09-2013 11:58:20 Software Distribution Service 3.0
12-09-2013 12:00:16 Software Distribution Service 3.0
12-09-2013 12:36:17 Software Distribution Service 3.0
12-09-2013 12:55:19 Software Distribution Service 3.0
12-09-2013 20:30:22 Software Distribution Service 3.0
12-09-2013 20:38:18 Software Distribution Service 3.0
13-09-2013 03:20:47 Software Distribution Service 3.0
13-09-2013 11:16:31 Software Distribution Service 3.0
13-09-2013 12:00:22 Software Distribution Service 3.0
14-09-2013 02:51:30 Software Distribution Service 3.0
14-09-2013 13:29:32 Software Distribution Service 3.0
15-09-2013 18:17:18 Software Distribution Service 3.0
16-09-2013 14:37:28 Software Distribution Service 3.0
17-09-2013 15:37:25 System Checkpoint
17-09-2013 23:15:44 Software Distribution Service 3.0
19-09-2013 11:18:20 Software Distribution Service 3.0
20-09-2013 11:20:22 Software Distribution Service 3.0
21-09-2013 13:59:29 Software Distribution Service 3.0
22-09-2013 23:15:40 System Checkpoint
23-09-2013 12:29:06 Software Distribution Service 3.0
23-09-2013 15:12:59 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-11 17:00 - 2011-10-10 17:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005Core.job => C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005UA.job => C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2007-04-17 20:11 - 2006-11-22 17:31 - 00770048 _____ (Dell Inc.) C:\WINDOWS\System32\BCMLogon.dll
2013-09-23 10:13 - 2013-09-05 00:02 - 07328304 _____ (Microsoft Corporation) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07C460B-9EE7-4AE4-9BF6-858ACA066991}\mpengine.dll
2013-09-23 10:18 - 2013-09-23 10:18 - 00060872 _____ (Microsoft Corporation) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07C460B-9EE7-4AE4-9BF6-858ACA066991}\offreg.dll
2004-08-11 17:11 - 2008-04-13 19:12 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbem\wbemcons.dll
2007-05-02 08:52 - 2005-11-30 05:00 - 00140288 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM4W.DLL
2009-08-20 10:50 - 2007-10-22 00:00 - 00223744 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM97.DLL
2012-02-27 10:59 - 2010-08-25 06:00 - 00290816 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMA9.DLL
2012-02-27 10:58 - 2010-02-05 04:37 - 00340992 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPPM.DLL
2013-04-14 19:40 - 2013-04-14 19:40 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2007-05-02 08:52 - 2005-11-30 05:00 - 00020992 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD4W.DLL
2009-08-20 10:50 - 2007-10-22 00:00 - 00027136 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD97.DLL
2012-02-27 10:59 - 2010-08-25 06:00 - 00027648 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPDA9.DLL
2011-11-21 01:26 - 2008-07-06 07:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2012-02-27 10:59 - 2010-08-25 06:00 - 02923008 _____ (CANON INC.) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUIA9.DLL
2012-02-27 10:59 - 2010-08-25 06:00 - 00586752 _____ (CANON INC.) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDRA9.DLL
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-27 11:08 - 2010-03-18 18:12 - 01335296 _____ (CANON INC.) C:\WINDOWS\system32\CNC495C.dll
2012-02-27 11:08 - 2010-03-18 20:25 - 00307200 _____ (CANON INC.) C:\WINDOWS\system32\CNC495L.DLL
2013-09-19 18:54 - 2013-09-16 22:20 - 47033808 _____ (Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\chrome.dll
2013-09-19 18:55 - 2013-09-16 22:20 - 09962960 _____ (The ICU Project) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\icudt.dll
2004-08-11 17:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-11 17:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-09-19 18:55 - 2013-09-16 20:23 - 00081768 _____ (Microsoft Corporation) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\xinput1_3.dll
2013-09-19 18:55 - 2013-09-16 22:21 - 04053456 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-19 18:55 - 2013-09-16 22:21 - 00410576 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-19 18:55 - 2013-09-16 22:20 - 02110928 _____ (Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\libpeerconnection.dll
2013-09-19 18:55 - 2013-09-16 22:20 - 01604560 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
2013-09-19 18:55 - 2013-09-16 22:21 - 13611984 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1390 WLAN Mini-Card
Description: Dell Wireless 1390 WLAN Mini-Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000


System errors:
=============
Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Generic volume' (STORAGE\RemovableMedia\7&2c01da4d&0&RM) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Generic volume' (STORAGE\RemovableMedia\7&17670ef9&0&RM) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Multiple Flash Reader USB Device' (USBSTOR\Disk&Ven_Multiple&Prod_Flash_Reader&Rev_1.05\058F63376377&1) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Generic Mini SD Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_Mini_SD_Reader&Rev_1.06\058F63376377&0) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Multimedia Card Reader' (USB\Vid_058f&Pid_6337\058F63376377) disappeared from the system without first being prepared for removal.

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000


==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 1014.37 MB
Available physical RAM: 194.68 MB
Total Pagefile: 2441.27 MB
Available Pagefile: 1247.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:37.05 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello shelovestomuse,

It looks like you are running both AVG and Microsoft Security Essentials.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall AVG.

After that

Please run Farbar Recovery Scan again and post back the FRST.txt scan result.
  • 0
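The conflict described in the post above can be read straight out of an Addition.txt log. The following is an added example (not part of the original thread and not FRST's own code) that parses the Security Center and Installed Programs sections and flags multiple registered antivirus products, no antivirus reporting itself enabled, and Security Center registrations with no matching installed program. The sample log is abridged from the one posted in this thread; the function names, finding codes and the name-matching heuristic are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: two sections abridged from the Addition.txt log in this thread.
SAMPLE_ADDITION = """\
==================== Security Center ========================

AV: AVG Internet Security 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

Adobe Reader X (10.1.8) (Version: 10.1.8)
Canon My Printer
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Windows Live Mail (Version: 14.0.8089.0726)

==================== Restore Points =========================
"""

# "==== Title ====" headers; a line made only of '=' does not match.
SECTION_RE = re.compile(r"^={4,}\s+(\S.*?)\s+=+\s*$")
# "AV: <name> (<state>) {GUID}" as printed in the Security Center section.
PRODUCT_RE = re.compile(
    r"^(AV|AS|FW): (.+) \(([^()]*)\) (\{[0-9A-Fa-f-]{36}\})\s*$")
# Trailing "(Version: x)" or "(HKCU Version: x)" on Installed Programs lines.
VERSION_SUFFIX_RE = re.compile(r"\s*\((?:HKCU )?Version:[^)]*\)\s*$")


@dataclass(frozen=True)
class Product:
    kind: str      # AV, AS or FW
    name: str
    enabled: bool  # True when the reported state starts with "Enabled"
    guid: str


def split_sections(text):
    """Group non-blank log lines under their section title."""
    sections = {}
    current = None
    for line in text.splitlines():
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).rstrip(":")
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def parse_security_center(lines):
    """Turn Security Center lines into Product records, skipping other lines."""
    products = []
    for line in lines:
        match = PRODUCT_RE.match(line)
        if match:
            kind, name, state, guid = match.groups()
            enabled = state.lower().startswith("enabled")
            products.append(Product(kind, name, enabled, guid.upper()))
    return products


def parse_installed(lines):
    """Return installed program names with the version suffix removed."""
    return [VERSION_SUFFIX_RE.sub("", line) for line in lines]


def looks_installed(product_name, installed):
    """Heuristic (assumption): case-insensitive substring match either way."""
    wanted = product_name.lower()
    return any(wanted in name.lower() or name.lower() in wanted
               for name in installed)


def triage(text):
    """Return (finding_code, product_names) tuples for one Addition.txt log."""
    sections = split_sections(text)
    products = parse_security_center(sections.get("Security Center", []))
    installed = parse_installed(sections.get("Installed Programs", []))
    findings = []

    antivirus = [p for p in products if p.kind == "AV"]
    av_names = sorted({p.name for p in antivirus})
    if len(av_names) > 1:
        findings.append(("MULTIPLE_AV_REGISTERED", av_names))
    if antivirus and not any(p.enabled for p in antivirus):
        findings.append(("NO_AV_REPORTS_ENABLED", av_names))

    # Registered with Security Center but absent from Installed Programs:
    # consistent with an uninstall that left its registration behind.
    orphans = sorted({p.name for p in products
                      if not looks_installed(p.name, installed)})
    if orphans:
        findings.append(("REGISTERED_BUT_NOT_INSTALLED", orphans))
    return findings


if __name__ == "__main__":
    for code, names in triage(SAMPLE_ADDITION):
        print(f"{code}: {', '.join(names)}")
```
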

#5
shelovestomuse

    Member

  • Topic Starter
  • Member
  • 121 posts
Emerald, I supposedly uninstalled AVG a long time ago and am very irritated to discover it's still there. Matter of fact, last round of virus problems I had involved AVG as well. Can you give me some specific instructions for getting the darn thing off my computer once and for all?
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello shelovestomuse,

"Can you give me some specific instructions for getting the darn thing off my computer once and for all?"


I have included it for removal in the attached.

Now

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After that

Please run Farbar Recovery Scan again and make sure you tick the Addition.txt box before you press the Scan button. Post back the FRST.txt and Addition.txt scan results together with the Fixlog.txt.
  • 0

#7
shelovestomuse

    Member

  • Topic Starter
  • Member
  • 121 posts
Fixlog.txt results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-09-2013 01
Ran by Charlotte Watson at 2013-09-23 20:21:39 Run:1
Running from C:\Documents and Settings\Charlotte Watson\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
AV: AVG Internet Security 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
AV: AVG Internet Security 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} => The item is protected. Make sure the software is uninstalled and its services is removed.
FW: AVG Internet Security 2012 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF} => The item is protected. Make sure the software is uninstalled and its services is removed.
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66} => The item is protected. Make sure the software is uninstalled and its services is removed.

==== End of Fixlog ====
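Added example (not part of the original posts and not FRST's own code): the Fixlog above reports the AVG Security Center entries as protected until the software and its services are removed, so this sketch lists which services and drivers in an FRST log still belong to that vendor. The sample lines are excerpts in the format posted in this thread; the function names, the match on the product's leading word, and the readings of the state letter and the `[x]` marker are assumptions of this example.

```python
import re

# Sample input: a few lines excerpted from the Fixlog.txt and FRST.txt
# output posted in this thread (not complete logs).
FIXLOG_SAMPLE = r"""
HKLM => Group Policy Restriction on software restored successfully.
AV: AVG Internet Security 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} => The item is protected. Make sure the software is uninstalled and its services is removed.
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66} => The item is protected. Make sure the software is uninstalled and its services is removed.
"""

DRIVERS_SAMPLE = r"""
R3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [x]
"""

# "AV: <product> (<status>) {GUID}" as printed in the fixlist/Fixlog.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|AS): (?P<name>.+?) \((?P<status>[^)]*)\) "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)
# "<state><start type> <service name>; <image path and details>"
SERVICE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+);\s*(?P<rest>.*)$")


def protected_products(fixlog_text):
    """Security Center entries the fix reported as protected (not removed)."""
    found = []
    for line in fixlog_text.splitlines():
        item, sep, outcome = line.partition(" => ")
        if not sep or "item is protected" not in outcome:
            continue
        match = PRODUCT_RE.match(item.strip())
        if match:
            found.append(match.groupdict())
    return found


def parse_services(frst_text):
    """Parse lines from the Services/Drivers sections of an FRST log."""
    rows = []
    for line in frst_text.splitlines():
        match = SERVICE_RE.match(line.strip())
        if not match:
            continue
        rest = match.group("rest").rstrip()
        company = re.search(r"\(([^()]*)\)$", rest)
        rows.append({
            "name": match.group("name"),
            # Assumption: R = running, S = stopped, U = undetermined.
            "running": match.group("state") == "R",
            "start": int(match.group("start")),
            # Assumption: a trailing [x] means the image file was not found.
            "file_missing": rest.endswith("[x]"),
            "company": company.group(1).strip() if company else "",
        })
    return rows


def leftovers(fixlog_text, frst_text):
    """Services whose name or company starts with a protected product's first word.

    Heuristic only: review each hit before removing anything.
    """
    vendors = {p["name"].split()[0].lower() for p in protected_products(fixlog_text)}
    hits = []
    for svc in parse_services(frst_text):
        fields = (svc["name"].lower(), svc["company"].lower())
        if any(f.startswith(v) for f in fields for v in vendors):
            hits.append(svc)
    return hits


if __name__ == "__main__":
    for svc in leftovers(FIXLOG_SAMPLE, DRIVERS_SAMPLE):
        if svc["running"]:
            note = "still loaded"
        elif svc["file_missing"]:
            note = "registry entry only, file missing"
        else:
            note = "installed, not running"
        print(f'{svc["name"]:<14} start={svc["start"]}  {note}')
```

A running entry means the product's kernel components are still active alongside the other real-time scanner; an entry with a missing file is an orphaned registration left behind by an incomplete uninstall.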

#8
shelovestomuse

  • Topic Starter
  • Member
  • 121 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-09-2013 01
Ran by Charlotte Watson (administrator) on LAPTOP on 23-09-2013 20:24:02
Running from C:\Documents and Settings\Charlotte Watson\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Windows\stsystra.exe [282624 2006-03-24] (SigmaTel, Inc.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [itype] - c:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-11-27] (Google Inc.)
HKU\Administrator\...\RunOnce: [spchecker] - "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe"
HKU\Default User\...\Run: [ModemOnHold] - C:\Program Files\NetWaiting\netWaiting.exe [ 2003-09-10] ()
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0000019b96ab8a5
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg....q={searchTerms}
SearchScopes: HKCU - {002AA7F1-4780-4572-9271-D6FA743736E7} URL = http://search.avg.co...e}&iy=&ychte=us
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...0000019b96ab8a5
SearchScopes: HKCU - {6609D29C-A472-4B41-868D-D99E142C3B4F} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg....q={searchTerms}
SearchScopes: HKCU - {D653D0BB-FE18-4FE4-B01F-327C206104D7} URL = http://search.yahoo....p={SearchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop...cpConnCheck.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.96.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default
FF user.js: detected! => C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=NT_ss&mntrId=e4c075f80000000000000019b96ab8a5
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF Homepage: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=HP_ss&mntrId=e4c075f80000000000000019b96ab8a5
FF Keyword.URL: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=KW_ss&mntrId=e4c075f80000000000000019b96ab8a5&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYVerInfo.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Babylon - C:\Documents and Settings\Charlotte Watson\Application Data\Mozilla\Firefox\Profiles\4ckqniij.default\Extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks

Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110790&tt=270912_nocpc_3912_3&babsrc=HP_ss&mntrId=e4c075f80000000000000019b96ab8a5
CHR RestoreOnStartup: "https://www.facebook.com/", "https://mail.google..../?shva=1#inbox", "hxxp://us.mg205.mail.yahoo.com/neo/launch?.partner=vz-acs&.rand=1d2a80rs53hsc", "hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1", "hxxp://collegestation.craigslist.org/", "hxxp://www.shopgoodwill.com/", "hxxp://forecast.weather.gov/MapClick.php?CityName=College+Station&state=TX&site=HGX&lat=30.6005&lon=-96.3124", "hxxp://www.weather.com/weather/monthly/USTX1439", "hxxp://pinterest.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Charlotte Watson\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Google Update) - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\CHARLO~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.)
S3 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-22] (Dell Inc.)
S3 dlcf_device; C:\WINDOWS\system32\dlcfcoms.exe -service [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2006-11-22] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1364574 2005-12-13] (Intel Corporation)
R2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8224 2002-06-21] (MicroStaff Co.,Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl4fe5a980; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07C460B-9EE7-4AE4-9BF6-858ACA066991}\MpKsl4fe5a980.sys [40392 2013-09-23] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-10] (Microsoft Corporation)
R0 Pcmcia; C:\Windows\System32\DRIVERS\[email protected] [120192 2008-04-13] (Microsoft Corporation)
S3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2004-01-28] (Texas Instruments Incorporated)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.)
S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S3 AVGIDSFilter; system32\DRIVERS\avgidsfilterx.sys [x]
S4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-23 18:41 - 2013-09-23 18:42 - 00021516 _____ C:\Documents and Settings\Charlotte Watson\Desktop\Addition.txt
2013-09-23 18:39 - 2013-09-23 18:39 - 00000000 ___DC C:\FRST
2013-09-23 18:34 - 2013-09-23 18:35 - 01088385 _____ (Farbar) C:\Documents and Settings\Charlotte Watson\Desktop\FRST.exe
2013-09-20 13:13 - 2013-09-20 13:13 - 00259584 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTH.exe
2013-09-20 07:50 - 2013-09-20 07:50 - 00079580 _____ C:\Documents and Settings\Charlotte Watson\Desktop\OTL.Txt
2013-09-20 07:41 - 2013-09-20 07:41 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
2013-09-20 07:03 - 2013-09-20 07:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini092013-01.dmp
2013-09-11 07:08 - 2013-09-11 07:08 - 00012239 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 06:14 - 2013-09-11 07:07 - 00010435 _____ C:\WINDOWS\KB2876315.log
2013-09-11 06:14 - 2013-09-11 07:07 - 00009438 _____ C:\WINDOWS\KB2876217.log
2013-09-11 06:13 - 2013-09-11 07:07 - 00009390 _____ C:\WINDOWS\KB2864063.log
2013-08-29 23:31 - 2013-08-29 23:31 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-08-29 23:31 - 2013-08-29 23:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-08-29 23:29 - 2013-08-29 23:31 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 23:29 - 2013-08-29 23:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-29 23:29 - 2013-08-29 23:29 - 00000000 ____D C:\Program Files\iPod
2013-08-28 07:01 - 2013-08-28 07:01 - 00004164 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 07:01 - 2013-08-28 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

==================== One Month Modified Files and Folders =======

2013-09-23 20:04 - 2008-06-21 09:52 - 00000697 _____ C:\WINDOWS\wiadebug.log
2013-09-23 19:47 - 2011-11-27 08:52 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005UA.job
2013-09-23 19:39 - 2012-04-28 17:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-23 18:42 - 2013-09-23 18:41 - 00021516 _____ C:\Documents and Settings\Charlotte Watson\Desktop\Addition.txt
2013-09-23 18:39 - 2013-09-23 18:39 - 00000000 ___DC C:\FRST
2013-09-23 18:37 - 2007-04-24 09:08 - 00002483 _____ C:\Documents and Settings\Charlotte Watson\Desktop\Microsoft Word.lnk
2013-09-23 18:35 - 2013-09-23 18:34 - 01088385 _____ (Farbar) C:\Documents and Settings\Charlotte Watson\Desktop\FRST.exe
2013-09-23 17:31 - 2010-12-30 19:44 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Briana
2013-09-23 16:24 - 2007-10-19 15:17 - 00084992 _____ C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-23 13:47 - 2011-11-27 08:52 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005Core.job
2013-09-23 10:23 - 2004-08-11 17:13 - 01504381 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-23 10:10 - 2013-07-10 23:38 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-09-23 09:03 - 2012-07-24 19:45 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\SP
2013-09-23 07:18 - 2008-06-21 09:52 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-23 07:18 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-23 07:17 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-22 22:41 - 2004-08-11 17:20 - 00032382 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-22 22:40 - 2007-04-23 17:22 - 00000278 ___SH C:\Documents and Settings\Charlotte Watson\ntuser.ini
2013-09-20 13:37 - 2007-04-23 17:22 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Start Menu\Programs\Accessories
2013-09-20 13:31 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2013-09-20 13:13 - 2013-09-20 13:13 - 00259584 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTH.exe
2013-09-20 12:56 - 2004-08-11 17:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-09-20 07:50 - 2013-09-20 07:50 - 00079580 _____ C:\Documents and Settings\Charlotte Watson\Desktop\OTL.Txt
2013-09-20 07:41 - 2013-09-20 07:41 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Charlotte Watson\Desktop\OTL.exe
2013-09-20 07:40 - 2012-04-28 17:21 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-20 07:40 - 2011-06-14 07:02 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-20 07:03 - 2013-09-20 07:03 - 00106496 _____ C:\WINDOWS\Minidump\Mini092013-01.dmp
2013-09-20 07:03 - 2007-06-04 06:54 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-20 06:40 - 2011-11-15 07:40 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2013-09-19 18:55 - 2011-11-27 09:01 - 00002365 _____ C:\Documents and Settings\Charlotte Watson\Desktop\Google Chrome.lnk
2013-09-17 08:53 - 2007-11-05 07:49 - 00000000 ___SD C:\Documents and Settings\Charlotte Watson\My Documents\My Data Sources
2013-09-14 10:50 - 2012-02-07 11:53 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Sergio
2013-09-11 15:59 - 2012-05-16 21:10 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-09-11 15:58 - 2007-05-02 09:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-11 15:54 - 2004-08-11 17:06 - 00205712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-11 07:08 - 2013-09-11 07:08 - 00012239 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 07:08 - 2011-06-16 08:11 - 00063441 _____ C:\WINDOWS\updspapi.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00845862 _____ C:\WINDOWS\iis6.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00785128 _____ C:\WINDOWS\FaxSetup.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00381930 _____ C:\WINDOWS\ocgen.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00360045 _____ C:\WINDOWS\tsoc.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00261403 _____ C:\WINDOWS\comsetup.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00238804 _____ C:\WINDOWS\msmqinst.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00158641 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00138050 _____ C:\WINDOWS\netfxocm.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00054269 _____ C:\WINDOWS\MedCtrOC.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00043707 _____ C:\WINDOWS\ocmsn.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00039497 _____ C:\WINDOWS\tabletoc.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00039413 _____ C:\WINDOWS\msgsocm.log
2013-09-11 07:08 - 2011-05-31 07:01 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 07:07 - 2013-09-11 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 07:07 - 2013-09-11 06:14 - 00010435 _____ C:\WINDOWS\KB2876315.log
2013-09-11 07:07 - 2013-09-11 06:14 - 00009438 _____ C:\WINDOWS\KB2876217.log
2013-09-11 07:07 - 2013-09-11 06:13 - 00009390 _____ C:\WINDOWS\KB2864063.log
2013-09-11 07:07 - 2008-10-24 07:00 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-11 07:04 - 2013-07-25 22:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-11 07:01 - 2007-05-01 18:33 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-05 22:45 - 2011-07-06 13:11 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-04 18:44 - 2009-08-22 09:51 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Spanish Homeschool
2013-08-29 23:31 - 2013-08-29 23:31 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-08-29 23:31 - 2013-08-29 23:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-08-29 23:31 - 2013-08-29 23:29 - 00000000 ____D C:\Program Files\iTunes
2013-08-29 23:31 - 2013-08-29 23:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-29 23:29 - 2013-08-29 23:29 - 00000000 ____D C:\Program Files\iPod
2013-08-29 23:29 - 2009-04-13 18:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-28 07:01 - 2013-08-28 07:01 - 00004164 _____ C:\WINDOWS\KB2834904-v2.log
2013-08-28 07:01 - 2013-08-28 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-08-24 13:14 - 2011-09-19 13:55 - 00000000 ____D C:\Documents and Settings\Charlotte Watson\Desktop\Bryan_School

Some content of TEMP:
====================
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\APNStub.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\avguidx.dll
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u32-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\MachineIdCreator.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\MSETUP4.EXE
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{00F11739-2AC4-460C-AB05-639F96C4E1E8}.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{1110CFFC-E865-47CC-B7B6-20371392442F}.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{297AC320-59A7-49F4-8939-C97F9F6E25C7}.exe
C:\Documents and Settings\Charlotte Watson\Local Settings\temp\oi_{B5CB959E-4436-4C9A-B9CD-1AE010078DD3}.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-09-2013 01
Ran by Charlotte Watson at 2013-09-23 20:25:16
Running from C:\Documents and Settings\Charlotte Watson\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Core FTP LE 2.1
Google Chrome (HKCU Version: 29.0.1547.76)
H&R Block Deluxe + Efile 2012 (Version: 12.04.7803)
IrfanView (remove only) (Version: 4.32)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 14.0.8089.726)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
Move Media Player
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
QuickTime (Version: 7.74.80.86)
Safari (Version: 5.34.52.7)
Segoe UI (Version: 14.0.4327.805)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows PowerShell™ 1.0 (Version: 2)

==================== Restore Points =========================

23-07-2013 11:51:39 Software Distribution Service 3.0
24-07-2013 13:00:00 Software Distribution Service 3.0
25-07-2013 14:02:21 System Checkpoint
26-07-2013 03:57:36 Software Distribution Service 3.0
26-07-2013 15:18:26 Software Distribution Service 3.0
27-07-2013 15:19:05 System Checkpoint
28-07-2013 13:11:09 Software Distribution Service 3.0
29-07-2013 13:27:12 Software Distribution Service 3.0
29-07-2013 14:33:52 Software Distribution Service 3.0
30-07-2013 14:51:35 Software Distribution Service 3.0
31-07-2013 23:05:21 System Checkpoint
01-08-2013 14:51:03 Software Distribution Service 3.0
02-08-2013 22:09:45 System Checkpoint
03-08-2013 11:51:21 Software Distribution Service 3.0
04-08-2013 14:08:06 Software Distribution Service 3.0
05-08-2013 14:49:22 Software Distribution Service 3.0
06-08-2013 23:54:56 System Checkpoint
07-08-2013 13:24:19 Software Distribution Service 3.0
08-08-2013 22:03:35 System Checkpoint
09-08-2013 12:25:13 Software Distribution Service 3.0
10-08-2013 12:36:59 Software Distribution Service 3.0
11-08-2013 14:00:44 Software Distribution Service 3.0
12-08-2013 15:22:54 Software Distribution Service 3.0
14-08-2013 01:11:11 System Checkpoint
14-08-2013 12:37:29 Software Distribution Service 3.0
14-08-2013 12:52:26 Software Distribution Service 3.0
15-08-2013 20:21:47 Software Distribution Service 3.0
16-08-2013 22:18:44 System Checkpoint
17-08-2013 11:57:52 Software Distribution Service 3.0
18-08-2013 13:31:47 Software Distribution Service 3.0
19-08-2013 14:56:23 Software Distribution Service 3.0
20-08-2013 20:21:31 Software Distribution Service 3.0
21-08-2013 23:29:01 System Checkpoint
22-08-2013 11:02:35 Software Distribution Service 3.0
23-08-2013 15:10:22 System Checkpoint
24-08-2013 14:07:33 Software Distribution Service 3.0
25-08-2013 14:22:05 System Checkpoint
26-08-2013 12:15:43 Software Distribution Service 3.0
26-08-2013 15:20:59 Software Distribution Service 3.0
27-08-2013 21:37:28 System Checkpoint
28-08-2013 11:58:10 Software Distribution Service 3.0
28-08-2013 12:01:14 Software Distribution Service 3.0
29-08-2013 23:25:36 Software Distribution Service 3.0
31-08-2013 13:39:02 Software Distribution Service 3.0
01-09-2013 13:43:25 Software Distribution Service 3.0
02-09-2013 13:48:27 Software Distribution Service 3.0
02-09-2013 15:18:16 Software Distribution Service 3.0
03-09-2013 21:43:54 System Checkpoint
04-09-2013 12:19:08 Software Distribution Service 3.0
05-09-2013 13:04:33 Software Distribution Service 3.0
05-09-2013 23:43:24 Software Distribution Service 3.0
06-09-2013 23:58:14 System Checkpoint
07-09-2013 11:22:18 Software Distribution Service 3.0
08-09-2013 13:28:28 System Checkpoint
09-09-2013 11:18:31 Software Distribution Service 3.0
09-09-2013 15:24:53 Software Distribution Service 3.0
10-09-2013 21:05:58 System Checkpoint
11-09-2013 11:17:49 Software Distribution Service 3.0
11-09-2013 12:00:25 Software Distribution Service 3.0
12-09-2013 10:40:23 Software Distribution Service 3.0
12-09-2013 11:58:20 Software Distribution Service 3.0
12-09-2013 12:00:16 Software Distribution Service 3.0
12-09-2013 12:36:17 Software Distribution Service 3.0
12-09-2013 12:55:19 Software Distribution Service 3.0
12-09-2013 20:30:22 Software Distribution Service 3.0
12-09-2013 20:38:18 Software Distribution Service 3.0
13-09-2013 03:20:47 Software Distribution Service 3.0
13-09-2013 11:16:31 Software Distribution Service 3.0
13-09-2013 12:00:22 Software Distribution Service 3.0
14-09-2013 02:51:30 Software Distribution Service 3.0
14-09-2013 13:29:32 Software Distribution Service 3.0
15-09-2013 18:17:18 Software Distribution Service 3.0
16-09-2013 14:37:28 Software Distribution Service 3.0
17-09-2013 15:37:25 System Checkpoint
17-09-2013 23:15:44 Software Distribution Service 3.0
19-09-2013 11:18:20 Software Distribution Service 3.0
20-09-2013 11:20:22 Software Distribution Service 3.0
21-09-2013 13:59:29 Software Distribution Service 3.0
22-09-2013 23:15:40 System Checkpoint
23-09-2013 12:29:06 Software Distribution Service 3.0
23-09-2013 15:12:59 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-11 17:00 - 2011-10-10 17:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005Core.job => C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2447034510-1578476889-3553571194-1005UA.job => C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2007-04-17 20:11 - 2006-11-22 17:31 - 00770048 _____ (Dell Inc.) C:\WINDOWS\System32\BCMLogon.dll
2013-09-23 10:13 - 2013-09-05 00:02 - 07328304 _____ (Microsoft Corporation) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07C460B-9EE7-4AE4-9BF6-858ACA066991}\mpengine.dll
2013-09-23 10:18 - 2013-09-23 10:18 - 00060872 _____ (Microsoft Corporation) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07C460B-9EE7-4AE4-9BF6-858ACA066991}\offreg.dll
2007-05-02 08:52 - 2005-11-30 05:00 - 00140288 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM4W.DLL
2009-08-20 10:50 - 2007-10-22 00:00 - 00223744 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM97.DLL
2012-02-27 10:59 - 2010-08-25 06:00 - 00290816 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMA9.DLL
2012-02-27 10:58 - 2010-02-05 04:37 - 00340992 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPPM.DLL
2013-04-14 19:40 - 2013-04-14 19:40 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2007-05-02 08:52 - 2005-11-30 05:00 - 00020992 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD4W.DLL
2009-08-20 10:50 - 2007-10-22 00:00 - 00027136 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD97.DLL
2012-02-27 10:59 - 2010-08-25 06:00 - 00027648 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPDA9.DLL
2011-11-21 01:26 - 2008-07-06 07:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2012-02-27 10:59 - 2010-08-25 06:00 - 02923008 _____ (CANON INC.) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUIA9.DLL
2012-02-27 10:59 - 2010-08-25 06:00 - 00586752 _____ (CANON INC.) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDRA9.DLL
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-19 18:54 - 2013-09-16 22:20 - 47033808 _____ (Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\chrome.dll
2013-09-19 18:55 - 2013-09-16 22:20 - 09962960 _____ (The ICU Project) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\icudt.dll
2004-08-11 17:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-11 17:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-09-19 18:55 - 2013-09-16 20:23 - 00081768 _____ (Microsoft Corporation) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\xinput1_3.dll
2013-09-19 18:55 - 2013-09-16 22:21 - 04053456 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-19 18:55 - 2013-09-16 22:21 - 00410576 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-19 18:55 - 2013-09-16 22:20 - 02110928 _____ (Google Inc.) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\libpeerconnection.dll
2013-09-19 18:55 - 2013-09-16 22:20 - 01604560 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
2013-09-19 18:55 - 2013-09-16 22:21 - 13611984 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
2013-09-19 18:54 - 2013-09-16 20:23 - 02106216 _____ (Microsoft Corporation) C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\D3DCompiler_43.dll
2013-07-06 15:02 - 2013-07-06 15:02 - 04591616 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2013-07-06 15:02 - 2013-07-06 15:02 - 00112128 _____ () C:\Documents and Settings\Charlotte Watson\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1390 WLAN Mini-Card
Description: Dell Wireless 1390 WLAN Mini-Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000


System errors:
=============
Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Generic volume' (STORAGE\RemovableMedia\7&2c01da4d&0&RM) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Generic volume' (STORAGE\RemovableMedia\7&17670ef9&0&RM) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Multiple Flash Reader USB Device' (USBSTOR\Disk&Ven_Multiple&Prod_Flash_Reader&Rev_1.05\058F63376377&1) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Generic Mini SD Reader USB Device' (USBSTOR\Disk&Ven_Generic&Prod_Mini_SD_Reader&Rev_1.06\058F63376377&0) disappeared from the system without first being prepared for removal.

Error: (09/23/2013 03:34:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'Multimedia Card Reader' (USB\Vid_058f&Pid_6337\058F63376377) disappeared from the system without first being prepared for removal.

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (09/20/2013 01:20:08 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10582063

Error: (09/15/2013 07:16:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6047

Error: (09/15/2013 04:19:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4094

Error: (09/15/2013 04:19:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/15/2013 04:19:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000


==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 1014.37 MB
Available physical RAM: 222.46 MB
Total Pagefile: 2441.27 MB
Available Pagefile: 1189.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:37.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:3.83 GB) (Free:0.5 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================



Sorry for the double post.

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Sorry for the double post.


That's fine... just use as many as you like.

Now

Sometimes a security program prevents FRST from removing it.

Check out the link below and download and run the AVG removal tool appropriate for your machine. It will be the 32-bit 2012 one.

http://www.avg.com/ca-en/utilities

Reboot your computer.

After that

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#10
shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
I rebooted twice. Both times the AVG Removal thing came up as soon as I rebooted, asking if I wanted to run it. I said yes both times, but didn't reboot the third time as it was starting to look like a mulberry bush.

The first time I ran it, MSE still showed green, but the Security Center shows that it's turned off. I couldn't find anywhere in MSE to turn it off or disable it.

I also got the following error message the second time I rebooted and ran that AVG thing. I took a screenshot of it, which was faster than trying to copy it all down, and attached it.

I'll proceed to the Junkware Removal Tool now.


#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I'll proceed to the Junkware Removal Tool now.


Okie dokie :thumbsup:

We can check out the AVG thing later.

#12
shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Charlotte Watson on Mon 09/23/2013 at 21:10:53.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2447034510-1578476889-3553571194-1005\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{002AA7F1-4780-4572-9271-D6FA743736E7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Charlotte Watson\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/23/2013 at 21:15:16.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#13
shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
I don't know how to turn on the AV again. MSE is showing as on, but the Security Center says it's off.

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello shelovestomuse,

MSE is showing as on, but the Security Center says it's off.


We will look at that, but it's probably fine. If MSE is green and says it's running, you should be good.

Sometimes the Security Center thinks the AV is not there when it is.

Now

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce a log for you. Post the log here.


#15
shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Well. MSE and SC need to get some horizontal communication going. I'll be right back with the new scan results.