Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

malware infected including delta search takeover [Solved]


  • This topic is locked This topic is locked

#1
moose1

moose1

    Member

  • Member
  • PipPip
  • 26 posts
good morning. I have a compute that has a delta search redirect when I try to go to google. We also have firefox browsers open or close without closing or opening on our own. in the past I have been able to run malware bytes free and get rid of problems but this one persists. In addition there is a file in my programs(with no extension) called pdf writer that cannot be uninstalled and it looks like it was installed yesterday when my daughter was trying to make spanish flashcards..... we use firefox mainly but also have internet explorer. running windows vista computer seems to be running quite slow. thanks for any help and sorry that I don't know tech terms to explain issues better. her is the otl log:

OTL Extras logfile created on: 9/20/2013 10:59:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruce\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.92% Memory free
4.17 Gb Paging File | 2.47 Gb Available in Paging File | 59.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 38.74 Gb Free Space | 27.88% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.76 Gb Free Space | 37.57% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4145F6A9-82A1-411A-A747-A4265FF5CE88}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{7787298F-7124-4FBF-B4C7-992EC0AB74D5}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{8EF63A4B-0961-4E58-A23B-386A85BEE9CE}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{A7CFC973-900F-45FD-A64E-747837CA98C0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{DFDC7A99-71FC-4839-829E-BEB089805289}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CA2FC6-5746-40D9-A596-51A778BC86A2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{0858338D-9FB8-4B3E-9FC2-676CE8893654}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2F67977F-FF7E-41B8-9B6F-DC94C8888585}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3043DE08-62B4-49F0-80C4-7493B7BE11C4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{331758C0-8B81-4926-B2BE-0139C34EF976}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3AF181F1-E661-485B-B5D9-033E0195C8B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D6575D8-57C2-47A0-8756-488A54B0B92F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{57E33139-5D40-42BA-A1A7-7F264901588A}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{5877FEDD-002F-4A76-A6DD-A34C44EF9052}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{5975DEE9-8252-4D96-9DBB-B9454AD62CF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{66C140AD-AFA1-4B98-A31F-B8524018C66E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70D6162C-E500-4243-A4FE-95C7E70A1F06}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{75CF64D3-F975-4222-A4A4-A1B6924D5BC3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{782211AA-65E7-4FD5-ABE6-56DA52176798}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{7BE6342F-E47F-4268-AF3F-7B8C3945009E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7F2FC639-4585-4CB9-BBF6-DDECD5C0E452}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{89876C2B-BB92-4EAF-809D-6BCDF948570D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9D627023-1D38-45A7-ABF0-FC779D44DD2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B0D406CC-BBE5-4FBE-AA71-CA0FD7406663}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CB474F9D-76C1-4E4D-85CD-7466FF951E30}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{CB7BE48B-CE50-4E59-B8E8-A1C4DBAD18E0}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{D7A4FFEB-69FA-4ED5-900B-513175CBA8D1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E3D7D0B8-EBDE-42F0-B0A2-31C5D8BC26B1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E7EDEBD2-12D8-477A-AC63-5E339DB951ED}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{EEF457C5-60D6-4F0F-A115-CB708871861C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F94EC142-DA19-4611-B809-72CD8B16B242}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{B4A50947-424B-480F-8035-EC9D9C0E74EC}C:\users\bruce\downloads\spybotportable\app\spybot\sdupdate.exe" = protocol=6 | dir=in | app=c:\users\bruce\downloads\spybotportable\app\spybot\sdupdate.exe |
"TCP Query User{BE590EA8-0850-4F44-BB37-10EB14AC2627}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FC48F2B5-23D8-41F5-B6DC-F1E2BC5679A5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{20B37CB1-2857-4D38-A805-6A8E744DFB2E}C:\users\bruce\downloads\spybotportable\app\spybot\sdupdate.exe" = protocol=17 | dir=in | app=c:\users\bruce\downloads\spybotportable\app\spybot\sdupdate.exe |
"UDP Query User{374DB511-3BFF-4476-9AD3-5BE0EB17CBF1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DEC78D5E-B4E9-422E-B64C-95F171989AD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series" = Canon MX890 series MP Drivers
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}" = Garmin City Navigator NorthAmerica NT 2013.30 Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}" = Garmin MapInstall
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26615EF-AF0A-486C-99C9-B65C8C401EBC}" = EuroTalk Talk Now!
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"8F1A19F8168CB0908127999D4F53773EAF35C31E" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazing Slow Downer EE" = Amazing Slow Downer (remove only)
"AVG" = AVG 2013
"Canon MX890 series On-screen Manual" = Canon MX890 series On-screen Manual
"Canon MX890 series User Registration" = Canon MX890 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"RealPlayer 16.0" = RealPlayer
"SmartMusic Content" = SmartMusic Content (shared music files)
"Speed Dial Utility" = Canon Speed Dial Utility
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cognitive Tutor" = Cognitive Tutor
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"PDF Writer Packages" = PDF Writer Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/20/2013 5:08:32 AM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18751

Error - 9/20/2013 9:10:17 AM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/20/2013 9:10:17 AM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/20/2013 9:10:18 AM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/20/2013 9:10:18 AM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/20/2013 9:10:18 AM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/20/2013 9:10:18 AM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/20/2013 9:10:18 AM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 9/20/2013 12:30:12 PM | Computer Name = Bruce-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/20/2013 1:50:51 PM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 23.0.1.4974, time stamp
0x520bc252, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27,
exception code 0xc0000374, fault offset 0x000b06fc, process id 0x123c, application
start time 0x01ceb626d830a192.

[ OSession Events ]
Error - 5/14/2009 8:19:37 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 81
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/31/2009 4:20:03 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3887
seconds with 2340 seconds of active time. This session ended with a crash.

Error - 3/7/2010 3:51:40 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1579
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 3/21/2010 12:16:53 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/5/2010 3:19:58 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/15/2010 11:18:48 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/18/2010 1:07:41 AM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/1/2011 4:52:24 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15243
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/19/2012 3:04:52 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 51951
seconds with 180 seconds of active time. This session ended with a crash.

Error - 1/27/2013 1:19:32 PM | Computer Name = Bruce-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3517
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/14/2013 11:52:52 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/14/2013 12:54:15 PM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 9/15/2013 9:52:57 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 9/15/2013 11:18:41 PM | Computer Name = Bruce-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:17:09 PM on 9/15/2013 was unexpected.

Error - 9/16/2013 10:01:50 PM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9/19/2013 8:44:06 AM | Computer Name = Bruce-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00219B16AB36. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 9/20/2013 1:01:27 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/20/2013 1:01:41 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/20/2013 12:26:56 PM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 9/20/2013 12:30:13 PM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi could you post the main OTL log please as that has the main data :)
  • 0

#3
moose1

moose1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
hope this is the right one :-)

OTL logfile created on: 9/20/2013 12:51:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruce\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.23% Memory free
4.17 Gb Paging File | 2.46 Gb Available in Paging File | 58.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 38.73 Gb Free Space | 27.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.76 Gb Free Space | 37.57% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/20 10:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Downloads\OTL(1).exe
PRC - [2013/09/02 07:32:16 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/16 20:06:58 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/08/14 17:14:13 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/08/14 17:14:13 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/14 17:14:13 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
PRC - [2013/08/14 15:19:58 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/12/14 21:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 06:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/07/25 12:10:34 | 000,468,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/07/19 06:23:08 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/18 23:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/18 23:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 16:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/16 20:06:56 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/14 17:14:13 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/08/14 17:14:13 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
MOD - [2013/08/14 17:14:13 | 000,144,560 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
MOD - [2012/10/11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/09/19 19:41:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/16 20:06:57 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 17:14:13 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/12/14 21:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/09/20 06:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/18 23:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/14 17:14:13 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/01/27 10:20:12 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/01 06:46:38 | 000,021,992 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2011/09/22 15:42:02 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/12/20 22:55:02 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/12/20 22:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/12/20 22:55:02 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
DRV - [2010/12/20 22:55:02 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2010/12/20 22:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010/12/20 22:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2008/08/26 10:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/08/19 00:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 00:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/18 23:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/13 15:15:18 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/11/17 02:42:48 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=3090107
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...3_cpn1&tsp=5011
IE - HKCU\..\SearchScopes\{12B45D44-F1C7-4822-AB8B-96EEC7A3D079}: "URL" = http://www.google.co...&rlz=1I7DLUS_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-01 09:03:09&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Bruce\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bruce\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/14 17:14:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/02 07:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/02 07:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/14 08:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/14 08:48:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Bruce\AppData\Roaming\Move Networks [2009/12/10 20:46:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/14 08:48:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/14 08:48:24 | 000,000,000 | ---D | M]

[2009/01/24 12:20:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2013/09/19 19:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\b58z2pnq.default\extensions
[2013/09/19 19:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\byegqvxk.default\extensions
[2013/06/14 19:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\byegqvxk.default\extensions\[email protected]
[2013/09/19 19:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\g9ez93mr.default-1371264148101\extensions
[2013/08/29 19:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\b58z2pnq.default\extensions\[email protected]
[2013/08/29 19:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\byegqvxk.default\extensions\[email protected]
[2013/08/29 19:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\g9ez93mr.default-1371264148101\extensions\[email protected]
[2013/08/16 20:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 20:06:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/08/16 20:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 20:07:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/02 07:33:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/06/20 09:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 09:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/09/02 07:32:28 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/03/27 14:59:02 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94EA253F-29A1-436A-B982-24B00192536A}: DhcpNameServer = 68.185.34.67 68.185.32.10 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D99EFB1-3957-46B3-99D6-7B0FD1AC5278}: DhcpNameServer = 68.116.46.115 24.205.192.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC5F586-5A35-48DF-BB08-DD5A90B544F1}: DhcpNameServer = 68.185.34.67 68.185.32.10 68.116.46.115
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a3fbffde-edef-11df-9501-00219b16ab36}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O33 - MountPoints2\{f3e900a9-ae8e-11de-b325-001217904ebb}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e900a9-ae8e-11de-b325-001217904ebb}\Shell\AutoRun\command - "" = F:\SecureDrive_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 19:53:26 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/09/19 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013/09/19 19:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013/09/19 19:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2013/09/19 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/09/19 19:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/09/19 19:52:01 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\DigitalSite
[2013/09/14 09:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/14 08:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/14 08:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/14 08:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/14 08:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/09/14 08:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/09/13 22:14:12 | 000,000,000 | ---D | C] -- C:\kiosk
[2013/09/13 22:09:43 | 000,000,000 | ---D | C] -- C:\temp2
[2013/09/13 22:08:57 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Worksimaging
[2013/09/13 13:24:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/13 13:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/09/02 07:34:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\RealNetworks
[2013/09/02 07:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/09/02 07:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/09/02 07:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/09/01 13:03:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[1 C:\Users\Bruce\Documents\*.tmp files -> C:\Users\Bruce\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/20 12:52:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DigitalSite.job
[2013/09/20 12:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 11:28:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 11:28:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 09:29:26 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2013/09/20 09:28:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 09:28:48 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 19:54:10 | 000,002,627 | ---- | M] () -- C:\Users\Bruce\Desktop\Microsoft Office Word 2007.lnk
[2013/09/15 22:00:01 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/15 15:55:37 | 014,065,360 | ---- | M] () -- C:\Users\Bruce\Desktop\paradise cove edited.pdf
[2013/09/15 15:54:30 | 014,065,360 | ---- | M] () -- C:\Users\Bruce\Desktop\hawaii 2013-2.pdf
[2013/09/15 14:09:00 | 014,065,360 | ---- | M] () -- C:\Users\Bruce\Documents\hawaii 2013.pdf
[2013/09/15 12:49:52 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/15 12:49:52 | 000,105,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/14 09:00:01 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/14 08:48:03 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/09/13 21:15:48 | 000,103,936 | ---- | M] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/13 13:23:33 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/09/03 10:06:58 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/09/02 07:33:29 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/09/02 07:32:20 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[1 C:\Users\Bruce\Documents\*.tmp files -> C:\Users\Bruce\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/19 19:52:03 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\DigitalSite.job
[2013/09/15 15:55:37 | 014,065,360 | ---- | C] () -- C:\Users\Bruce\Desktop\paradise cove edited.pdf
[2013/09/15 15:54:30 | 014,065,360 | ---- | C] () -- C:\Users\Bruce\Desktop\hawaii 2013-2.pdf
[2013/09/15 14:08:48 | 014,065,360 | ---- | C] () -- C:\Users\Bruce\Documents\hawaii 2013.pdf
[2013/09/14 09:00:01 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/14 08:48:03 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/09/02 07:33:29 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/05/20 16:27:14 | 000,003,715 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/03/12 19:11:50 | 000,000,461 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2010/08/05 07:26:06 | 000,000,632 | RHS- | C] () -- C:\Users\Bruce\ntuser.pol
[2009/08/23 09:45:43 | 000,000,094 | ---- | C] () -- C:\Users\Bruce\couponmanager.properties
[2009/01/24 23:37:14 | 000,103,936 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/24 20:35:42 | 000,007,728 | ---- | C] () -- C:\Users\Bruce\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/19 19:53:26 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/01/27 13:19:12 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Ad-Aware Antivirus
[2012/12/21 17:27:29 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\AVG
[2012/10/15 17:24:32 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\AVG2013
[2013/01/20 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Canon
[2013/09/19 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\DigitalSite
[2010/12/31 17:36:48 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\EuroTalk
[2010/06/13 09:40:28 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Facebook
[2013/01/20 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\GARMIN
[2012/08/31 16:05:54 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Samsung
[2012/10/15 17:21:44 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\TuneUp Software
[2013/09/13 22:08:58 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Worksimaging

========== Purity Check ==========



< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if this clears it :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=3090107
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...3_cpn1&tsp=5011
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
[2013/06/14 19:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\byegqvxk.default\extensions\[email protected]
[2012/06/20 09:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 09:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/09/19 19:53:26 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/09/19 19:53:17 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013/09/19 19:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013/09/19 19:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/09/19 19:52:01 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\DigitalSite
[2013/09/20 12:52:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DigitalSite.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#5
moose1

moose1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
here is the OTL will post junkware when finished:
OTL logfile created on: 9/20/2013 2:12:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruce\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.76% Memory free
4.17 Gb Paging File | 2.43 Gb Available in Paging File | 58.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 45.05 Gb Free Space | 32.42% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.76 Gb Free Space | 37.57% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/20 10:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Downloads\OTL(1).exe
PRC - [2013/09/02 07:32:16 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/16 20:06:58 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/08/14 17:14:13 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/08/14 17:14:13 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/14 17:14:13 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
PRC - [2013/08/14 15:19:58 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/12/14 21:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 06:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/07/25 12:10:34 | 000,468,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/07/19 06:23:08 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/18 23:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/18 23:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 16:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/16 20:06:56 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/14 17:14:13 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/08/14 17:14:13 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
MOD - [2013/08/14 17:14:13 | 000,144,560 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
MOD - [2012/10/11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/09/19 19:41:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/16 20:06:57 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 17:14:13 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/12/14 21:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/09/20 06:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/18 23:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/14 17:14:13 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/01/27 10:20:12 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/01 06:46:38 | 000,021,992 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2011/09/22 15:42:02 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/12/20 22:55:02 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/12/20 22:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/12/20 22:55:02 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
DRV - [2010/12/20 22:55:02 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2010/12/20 22:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010/12/20 22:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2008/08/26 10:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/08/19 00:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 00:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/18 23:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/13 15:15:18 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/11/17 02:42:48 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{12B45D44-F1C7-4822-AB8B-96EEC7A3D079}: "URL" = http://www.google.co...&rlz=1I7DLUS_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-10-01 09:03:09&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Bruce\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bruce\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/14 17:14:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/02 07:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/02 07:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/14 08:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/20 13:53:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Bruce\AppData\Roaming\Move Networks [2009/12/10 20:46:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/14 08:48:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/20 13:53:30 | 000,000,000 | ---D | M]

[2009/01/24 12:20:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2013/09/19 19:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\b58z2pnq.default\extensions
[2013/09/19 19:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\byegqvxk.default\extensions
[2013/09/19 19:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\g9ez93mr.default-1371264148101\extensions
[2013/08/29 19:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\b58z2pnq.default\extensions\[email protected]
[2013/08/29 19:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\byegqvxk.default\extensions\[email protected]
[2013/08/29 19:16:32 | 000,008,323 | ---- | M] () (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\g9ez93mr.default-1371264148101\extensions\[email protected]
[2013/08/16 20:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 20:06:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/08/16 20:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 20:07:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/02 07:33:24 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/09/02 07:32:28 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/03/27 14:59:02 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2013/09/20 13:54:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94EA253F-29A1-436A-B982-24B00192536A}: DhcpNameServer = 68.185.34.67 68.185.32.10 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D99EFB1-3957-46B3-99D6-7B0FD1AC5278}: DhcpNameServer = 68.116.46.115 24.205.192.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC5F586-5A35-48DF-BB08-DD5A90B544F1}: DhcpNameServer = 68.185.34.67 68.185.32.10 68.116.46.115
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a3fbffde-edef-11df-9501-00219b16ab36}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O33 - MountPoints2\{f3e900a9-ae8e-11de-b325-001217904ebb}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e900a9-ae8e-11de-b325-001217904ebb}\Shell\AutoRun\command - "" = F:\SecureDrive_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/20 13:52:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/19 19:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2013/09/19 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/09/14 09:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/14 08:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/14 08:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/14 08:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/14 08:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/09/14 08:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/09/13 22:14:12 | 000,000,000 | ---D | C] -- C:\kiosk
[2013/09/13 22:09:43 | 000,000,000 | ---D | C] -- C:\temp2
[2013/09/13 22:08:57 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Worksimaging
[2013/09/13 13:24:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/13 13:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/09/02 07:34:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\RealNetworks
[2013/09/02 07:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/09/02 07:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/09/02 07:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/09/01 13:03:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[1 C:\Users\Bruce\Documents\*.tmp files -> C:\Users\Bruce\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/20 14:08:44 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2013/09/20 14:08:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 14:08:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 14:08:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 14:08:16 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 13:54:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/09/20 13:41:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/19 19:54:10 | 000,002,627 | ---- | M] () -- C:\Users\Bruce\Desktop\Microsoft Office Word 2007.lnk
[2013/09/15 22:00:01 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/09/15 15:55:37 | 014,065,360 | ---- | M] () -- C:\Users\Bruce\Desktop\paradise cove edited.pdf
[2013/09/15 15:54:30 | 014,065,360 | ---- | M] () -- C:\Users\Bruce\Desktop\hawaii 2013-2.pdf
[2013/09/15 14:09:00 | 014,065,360 | ---- | M] () -- C:\Users\Bruce\Documents\hawaii 2013.pdf
[2013/09/15 12:49:52 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/15 12:49:52 | 000,105,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/14 09:00:01 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/14 08:48:03 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/09/13 21:15:48 | 000,103,936 | ---- | M] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/13 13:23:33 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2013/09/03 10:06:58 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/09/02 07:33:29 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/09/02 07:32:20 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[1 C:\Users\Bruce\Documents\*.tmp files -> C:\Users\Bruce\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/15 15:55:37 | 014,065,360 | ---- | C] () -- C:\Users\Bruce\Desktop\paradise cove edited.pdf
[2013/09/15 15:54:30 | 014,065,360 | ---- | C] () -- C:\Users\Bruce\Desktop\hawaii 2013-2.pdf
[2013/09/15 14:08:48 | 014,065,360 | ---- | C] () -- C:\Users\Bruce\Documents\hawaii 2013.pdf
[2013/09/14 09:00:01 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/14 08:48:03 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/09/02 07:33:29 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/05/20 16:27:14 | 000,003,715 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/03/12 19:11:50 | 000,000,461 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2010/08/05 07:26:06 | 000,000,632 | RHS- | C] () -- C:\Users\Bruce\ntuser.pol
[2009/08/23 09:45:43 | 000,000,094 | ---- | C] () -- C:\Users\Bruce\couponmanager.properties
[2009/01/24 23:37:14 | 000,103,936 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/24 20:35:42 | 000,007,728 | ---- | C] () -- C:\Users\Bruce\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/27 13:19:12 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Ad-Aware Antivirus
[2012/12/21 17:27:29 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\AVG
[2012/10/15 17:24:32 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\AVG2013
[2013/01/20 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Canon
[2010/12/31 17:36:48 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\EuroTalk
[2010/06/13 09:40:28 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Facebook
[2013/01/20 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\GARMIN
[2012/08/31 16:05:54 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Samsung
[2012/10/15 17:21:44 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\TuneUp Software
[2013/09/13 22:08:58 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Worksimaging

========== Purity Check ==========



< End of report >
  • 0

#6
moose1

moose1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
here is the file:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Bruce on Fri 09/20/2013 at 14:30:07.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1377166915-2093714439-561898374-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\digitalsite



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\Users\Bruce\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Bruce\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted: [File] C:\Users\Bruce\AppData\Roaming\mozilla\firefox\profiles\g9ez93mr.default-1371264148101\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Bruce\AppData\Roaming\mozilla\firefox\profiles\g9ez93mr.default-1371264148101\bprotector_prefs.js
Successfully deleted the following from C:\Users\Bruce\AppData\Roaming\mozilla\firefox\profiles\g9ez93mr.default-1371264148101\prefs.js

user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=E6C500219B16AB36&affID=119351&tt=160913_cpn1&tsp=5011");
Emptied folder: C:\Users\Bruce\AppData\Roaming\mozilla\firefox\profiles\g9ez93mr.default-1371264148101\minidumps [65 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/20/2013 at 14:33:46.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that Delta and its friends have now gone

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

#8
moose1

moose1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
the redirect seems to be gone(thank you). Here is the malwarebyte log it had 1 bad file that I removed:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.20.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bruce :: BRUCE-PC [administrator]

9/21/2013 7:26:38 AM
mbam-log-2013-09-21 (07-26-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227937
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Bruce\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

(end)
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Delete JRT from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#10
moose1

moose1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
thank you for your help. will attempt to make sure all users are more careful in the future
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Show them this small blog
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP