[robkbriggs]

Hello,

My uncle brought his PC to me saying that when he turns it on and tries to use the internet, it starts going so slow it basically just freezes. I turned it on last night, and he is right. I'm not sure that there is malware causing it, but I would guess that's it. I originally set it up for him probably 5 or 6 years ago, but I haven't messed with it since.

Here is the OTL Log
OTL logfile created on: 9/24/2013 10:40:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 74.49% Memory free
7.31 Gb Paging File | 6.59 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): C:\pagefile.sys 4096 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 92.49 Gb Free Space | 62.08% Space Free | Partition Type: NTFS

Computer Name: DBJXLM81 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/24 10:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2013/08/15 04:30:07 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/08/15 04:30:07 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/15 04:30:07 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/09/07 17:13:56 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 04:30:08 | 000,144,560 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
MOD - [2013/08/15 04:30:07 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/08/15 04:30:07 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
MOD - [2013/08/15 04:30:07 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2008/01/24 19:26:36 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- -- (ccPwdSvc)
SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
SRV - [2013/08/15 04:30:07 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/09/07 17:13:56 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DP.sys -- (DP1112)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/15 04:30:08 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/06/22 08:58:22 | 000,024,576 | ---- | M] (NT Kernel Resources) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\ndisrd.sys -- (NDISRD)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/10/10 21:10:51 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/15 14:33:52 | 000,123,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/08/04 17:47:00 | 000,205,220 | ---- | M] (Jungo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\windrvr.sys -- (WinDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {811FB681-61C2-4442-9C96-9F164F619ED7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-27DF8935B3B2}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 09:19:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Mark\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/10 08:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/15 04:30:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/09/09 20:44:54 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [mSpotAlltelRemix] C:\Program Files\Alltel Music Connect\Remix\msptcmd.exe (MSpot)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\betsp.dll (Aventail Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\betsp.dll (Aventail Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\betsp.dll (Aventail Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\betsp.dll (Aventail Corporation)
O15 - HKCU\..Trusted Domains: amaena.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: imageservr.com ([locator.cdn] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sysprotect.com ([scanner] http in Trusted sites)
O15 - HKCU\..Trusted Domains: systemdoctor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: winantivirus.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: winantiviruspro.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: winsoftware.com ([download.cdn] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1129833835296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1143075791750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{343207A7-E769-42E8-A835-CC433AC6851C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\9040a192382: DllName - (C:\WINDOWS\system32\__c00A574E.dat) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/24 10:40:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2009/05/09 10:51:17 | 064,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\All Users\avg_free_stf_en_85_325a1500.exe
[2007/01/21 22:11:49 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmmdm.sys
[2007/01/21 22:11:49 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmserd.sys
[2007/01/21 22:11:49 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmbus.sys
[2007/01/21 22:11:49 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmmdfl.sys
[2007/01/21 22:11:49 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmcmnt.sys
[2007/01/21 22:11:49 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmwhnt.sys
[2007/01/21 22:11:49 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmcr.sys
[2006/10/10 21:10:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mark\usbsermptxp.sys
[2006/10/10 21:10:51 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mark\usbsermpt.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/24 10:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2013/09/24 10:40:32 | 138,112,954 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/09/24 10:35:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/24 10:34:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/24 10:34:07 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/24 05:40:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My PhotoParades.lnk
[2013/09/24 04:46:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/24 01:58:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/09/23 22:19:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/23 22:19:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/09/23 17:25:41 | 000,277,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/09/19 08:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/18 03:29:42 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/18 03:10:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/23 22:18:49 | 3747,753,984 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 22:49:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/08 15:15:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Mark\webct_upload_applet.properties
[2008/07/19 21:09:34 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\mcs.rma
[2008/07/19 21:09:34 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\D1C45D
[2007/06/10 13:00:22 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Mark\presets.ini
[2007/01/21 22:11:49 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_MDM.INF
[2007/01/21 22:11:49 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_BUS.INF
[2007/01/21 22:11:49 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_SDM.INF
[2007/01/21 22:11:44 | 000,015,682 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem19.PNF
[2007/01/21 22:11:44 | 000,013,998 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem15.PNF
[2007/01/21 22:11:44 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem16.PNF
[2007/01/21 22:11:44 | 000,012,682 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem17.PNF
[2007/01/21 22:11:44 | 000,012,348 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem18.PNF
[2007/01/21 22:11:44 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem19.inf
[2007/01/21 22:11:44 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Mark\1169439104-(null)
[2007/01/21 22:11:44 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem17.inf
[2007/01/21 22:11:44 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem16.inf
[2007/01/21 22:11:44 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem18.inf
[2006/10/29 16:04:10 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/10 21:10:51 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Mark\USB_MOT_BRIT.INF
[2006/10/10 21:10:51 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Mark\USBMOT2000.INF
[2006/10/10 21:10:51 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Mark\USBMOT2000XP.INF
[2006/10/10 21:10:51 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Mark\USB_MOT_A1000.INF
[2006/10/10 21:10:51 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Mark\USB_CMCS_2000.INF

========== ZeroAccess Check ==========

[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 19:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/10/11 17:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2013/06/27 02:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/02/26 12:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/02/22 09:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/22 09:02:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/07/17 16:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/05/22 09:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/02/11 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/01/31 19:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Punch! Software
[2012/02/08 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/02/22 07:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/11 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/10/11 17:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Aventail
[2011/12/13 07:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG Secure Search
[2011/02/22 09:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG10
[2007/01/02 16:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Image Zone Express
[2007/08/16 18:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\InterTrust
[2008/09/10 22:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\iWin
[2005/10/29 14:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Leadertech
[2007/07/04 15:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\PhotoParade
[2011/01/31 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Punch! Software
[2009/04/26 22:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Snapfish
[2012/02/08 18:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\TaxCut

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5813BA5

< End of report >

Extras Log

OTL Extras logfile created on: 9/24/2013 10:40:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 74.49% Memory free
7.31 Gb Paging File | 6.59 Gb Available in Paging File | 90.09% Paging File free
Paging file location(s): C:\pagefile.sys 4096 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 92.49 Gb Free Space | 62.08% Space Free | Partition Type: NTFS

Computer Name: DBJXLM81 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG Free\avgemc.exe" = C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client -- (Hewlett-Packard)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Phantom EFX\OnlineCasino\Bin\Prelauncher.exe" = C:\Program Files\Phantom EFX\OnlineCasino\Bin\Prelauncher.exe:*:Enabled:Prelauncher -- ()
"C:\Program Files\Phantom EFX\OnlineCasino\Launcher\OLCLauncher.exe" = C:\Program Files\Phantom EFX\OnlineCasino\Launcher\OLCLauncher.exe:*:Enabled:OLCLauncher -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{158C6F7A-A239-4673-B491-B26FB8695EDC}" = H&R Block New Mexico 2011
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5AB52F3C-23C7-4FB2-9285-C0C0635CABCC}" = Punch! Home and Landscape
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{759524D5-08C9-4E88-8EB3-8D6ECB226C52}" = HP Image Zone Express
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008
"{7934E471-8A71-4144-9D68-E8DB6A7166DD}" = H&R Block New Mexico 2009
"{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}" = iTunes
"{81FB87B4-AEA6-49A8-9110-BED4AEFC20E8}" = H&R Block Deluxe + Efile 2010
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93FB1634-C580-11D6-9957-006008A71E3E}" = Graphical Analysis
"{95625655-165A-4A06-B608-EA1FD8414377}" = HighRoller
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CAC5A4CF-0800-4D0B-9DD6-A5BC2708D6D7}" = AVG 2011
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}" = ccCommon
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Alltel Music Connect 1.1.23" = Alltel Music Connect 1.1.23
"AVG" = AVG 2011
"AVG Secure Search" = AVG Security Toolbar
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Fast Browser SearchP" = Fast Browser Search Protection
"Hard Rock Casino" = Hard Rock Casino
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP PhotoSmart 210/215 Camera Software" = HP PhotoSmart 210/215 Camera Software (by ArcSoft)
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"mSpot" = Music Connect 1.2.17
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoParade.exe" = PhotoParade Player
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"Snood_is1" = Snood for Windows version 3.52-W
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TaxCut Premium 2006" = TaxCut Premium 2006
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2013 10:29:48 PM | Computer Name = DBJXLM81 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/17/2013 10:18:45 AM | Computer Name = DBJXLM81 | Source = Application Error | ID = 1000
Description = Faulting application avgtray.exe, version 10.0.0.1425, faulting module
, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 9/23/2013 10:32:53 PM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 9/23/2013 10:32:53 PM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 9/23/2013 10:32:53 PM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 9/23/2013 10:32:53 PM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 9/23/2013 10:33:37 PM | Computer Name = DBJXLM81 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/24/2013 12:21:15 AM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7000
Description = The DP1112 service failed to start due to the following error: %%2

Error - 9/24/2013 12:21:15 AM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/24/2013 12:34:10 PM | Computer Name = DBJXLM81 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.254.3 for the Network Card with network
address 00142232AF4B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/24/2013 12:35:45 PM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7000
Description = The DP1112 service failed to start due to the following error: %%2

Error - 9/24/2013 12:35:45 PM | Computer Name = DBJXLM81 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >


Thanks,
Rob

Edited by robkbriggs, 24 September 2013 - 07:38 PM.

[Advertisements]

Hello robkbriggs Nice to meet you

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

Please read all instructions and fixes thoroughly.

• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
• Any fixes provided by myself are for this log file only and cannot be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assitance.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders.




I can see a few issues in the scan but I need some more information from OTL. I want you to carry out the following scans for me


1. OTL Scan

• Double click the OTL icon.
• Select the following boxes:
• Scan All Users
• Use Company-Name WhiteList
• Skip Microsoft Files
• Use No-Company-Name WhiteList
• LOP Check
• Copy and paste the following into the Custom Scans\Fixes box without the word Quote.
  

  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  dir C:\ /S /A:L /C
  

• Now Click Run Scan
• OTL will now scan your computer and produce a file named OTL.txt.
• Post in your next reply

2. aswMBR

• Using this link download aswMBR.exe to your desktop.
• Double click aswMBR.exe and select No for AVAST virus definitions.
• Click the Scan button to start.
• When the scan ends click Save Log and save it to your desktop
• Post this log in your next reply

3. Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

4. Security Check

Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt please post the contents of that document.

Things I want to see in your next post.

• OTL.txt
• aswMBR log
• FSS.txt
• Checkup.txt

[Nutloaf]

Hello robkbriggs Nice to meet you

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

Please read all instructions and fixes thoroughly.

• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
• Any fixes provided by myself are for this log file only and cannot be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assitance.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders.




I can see a few issues in the scan but I need some more information from OTL. I want you to carry out the following scans for me


1. OTL Scan

• Double click the OTL icon.
• Select the following boxes:
• Scan All Users
• Use Company-Name WhiteList
• Skip Microsoft Files
• Use No-Company-Name WhiteList
• LOP Check
• Copy and paste the following into the Custom Scans\Fixes box without the word Quote.
  

  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  dir C:\ /S /A:L /C
  

• Now Click Run Scan
• OTL will now scan your computer and produce a file named OTL.txt.
• Post in your next reply

2. aswMBR

• Using this link download aswMBR.exe to your desktop.
• Double click aswMBR.exe and select No for AVAST virus definitions.
• Click the Scan button to start.
• When the scan ends click Save Log and save it to your desktop
• Post this log in your next reply

3. Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

4. Security Check

Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt please post the contents of that document.

Things I want to see in your next post.

• OTL.txt
• aswMBR log
• FSS.txt
• Checkup.txt

[robkbriggs]

Here are the results you asked for.

OTL.txt

OTL logfile created on: 9/24/2013 9:27:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 79.21% Memory free
7.31 Gb Paging File | 6.73 Gb Available in Paging File | 91.95% Paging File free
Paging file location(s): C:\pagefile.sys 4096 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 92.48 Gb Free Space | 62.08% Space Free | Partition Type: NTFS

Computer Name: DBJXLM81 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/24 10:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2013/08/15 04:30:07 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/08/15 04:30:07 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/15 04:30:07 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/09/07 17:13:56 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 04:30:08 | 000,144,560 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
MOD - [2013/08/15 04:30:07 | 002,314,416 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/08/15 04:30:07 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
MOD - [2013/08/15 04:30:07 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2008/01/24 19:26:36 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- -- (ccPwdSvc)
SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
SRV - [2013/08/15 04:30:07 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2008/09/07 17:13:56 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DP.sys -- (DP1112)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/15 04:30:08 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/06/22 08:58:22 | 000,024,576 | ---- | M] (NT Kernel Resources) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\ndisrd.sys -- (NDISRD)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/10/10 21:10:51 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/15 14:33:52 | 000,123,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/08/04 17:47:00 | 000,205,220 | ---- | M] (Jungo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\windrvr.sys -- (WinDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\URLSearchHook: {811FB681-61C2-4442-9C96-9F164F619ED7} - No CLSID value found
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-27DF8935B3B2}
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 09:19:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Mark\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/10 08:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/15 04:30:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/09/09 20:44:54 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006..\Run: [mSpotAlltelRemix] C:\Program Files\Alltel Music Connect\Remix\msptcmd.exe (MSpot)
O4 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\betsp.dll (Aventail Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\betsp.dll (Aventail Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\betsp.dll (Aventail Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\betsp.dll (Aventail Corporation)
O15 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..Trusted Domains: amaena.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..Trusted Domains: imageservr.com ([locator.cdn] http in Trusted sites)
O15 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..Trusted Domains: sysprotect.com ([scanner] http in Trusted sites)
O15 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..Trusted Domains: systemdoctor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..Trusted Domains: winantivirus.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..Trusted Domains: winantiviruspro.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..Trusted Domains: winsoftware.com ([download.cdn] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1129833835296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1143075791750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{343207A7-E769-42E8-A835-CC433AC6851C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\9040a192382: DllName - (C:\WINDOWS\system32\__c00A574E.dat) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/24 21:26:01 | 000,358,923 | ---- | C] (Farbar) -- C:\Documents and Settings\Mark\Desktop\FSS.exe
[2013/09/24 21:25:52 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mark\Desktop\aswmbr.exe
[2013/09/24 10:40:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2009/05/09 10:51:17 | 064,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\All Users\avg_free_stf_en_85_325a1500.exe
[2007/01/21 22:11:49 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmmdm.sys
[2007/01/21 22:11:49 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmserd.sys
[2007/01/21 22:11:49 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmbus.sys
[2007/01/21 22:11:49 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmmdfl.sys
[2007/01/21 22:11:49 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmcmnt.sys
[2007/01/21 22:11:49 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmwhnt.sys
[2007/01/21 22:11:49 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmcr.sys
[2006/10/10 21:10:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mark\usbsermptxp.sys
[2006/10/10 21:10:51 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mark\usbsermpt.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/24 21:26:19 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\SecurityCheck.exe
[2013/09/24 21:26:05 | 000,358,923 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark\Desktop\FSS.exe
[2013/09/24 21:25:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark\Desktop\aswmbr.exe
[2013/09/24 21:24:30 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My PhotoParades.lnk
[2013/09/24 18:21:14 | 138,126,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/09/24 18:20:36 | 000,278,254 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/09/24 10:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2013/09/24 10:35:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/24 10:34:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/24 10:34:07 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/24 04:46:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/24 01:58:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/09/23 22:19:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/23 22:19:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/09/19 08:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/18 03:29:42 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/18 03:10:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/24 21:26:13 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\SecurityCheck.exe
[2013/09/23 22:18:49 | 3747,753,984 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 22:49:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/08 15:15:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Mark\webct_upload_applet.properties
[2008/07/19 21:09:34 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\mcs.rma
[2008/07/19 21:09:34 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\D1C45D
[2007/06/10 13:00:22 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Mark\presets.ini
[2007/01/21 22:11:49 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_MDM.INF
[2007/01/21 22:11:49 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_BUS.INF
[2007/01/21 22:11:49 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_SDM.INF
[2007/01/21 22:11:44 | 000,015,682 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem19.PNF
[2007/01/21 22:11:44 | 000,013,998 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem15.PNF
[2007/01/21 22:11:44 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem16.PNF
[2007/01/21 22:11:44 | 000,012,682 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem17.PNF
[2007/01/21 22:11:44 | 000,012,348 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem18.PNF
[2007/01/21 22:11:44 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem19.inf
[2007/01/21 22:11:44 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Mark\1169439104-(null)
[2007/01/21 22:11:44 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem17.inf
[2007/01/21 22:11:44 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem16.inf
[2007/01/21 22:11:44 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem18.inf
[2006/10/29 16:04:10 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/10 21:10:51 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Mark\USB_MOT_BRIT.INF
[2006/10/10 21:10:51 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Mark\USBMOT2000.INF
[2006/10/10 21:10:51 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Mark\USBMOT2000XP.INF
[2006/10/10 21:10:51 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Mark\USB_MOT_A1000.INF
[2006/10/10 21:10:51 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Mark\USB_CMCS_2000.INF

========== ZeroAccess Check ==========

[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 19:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/10/11 17:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2013/06/27 02:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/02/26 12:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/02/22 09:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/22 09:02:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/07/17 16:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/05/22 09:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/02/11 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/01/31 19:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Punch! Software
[2012/02/08 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/02/22 07:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/11 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/12/12 09:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2006/10/11 17:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Aventail
[2011/12/13 07:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG Secure Search
[2011/02/22 09:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG10
[2007/01/02 16:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Image Zone Express
[2007/08/16 18:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\InterTrust
[2008/09/10 22:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\iWin
[2005/10/29 14:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Leadertech
[2013/09/24 20:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\PhotoParade
[2011/01/31 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Punch! Software
[2009/04/26 22:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Snapfish
[2012/02/08 18:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\TaxCut

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 09:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 9040-A192
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
08/14/2013 03:03 <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
08/14/2013 03:02 <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 99,298,344,960 bytes free

< >
[2004/08/11 16:00:23 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/08/11 16:20:17 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006/09/10 08:23:32 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2007/05/06 17:24:39 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2010/02/04 23:02:55 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/02/04 23:02:56 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 02:23:55 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5813BA5

< End of report >


aswMBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-24 21:43:17
-----------------------------
21:43:17.703 OS Version: Windows 5.1.2600 Service Pack 3
21:43:17.703 Number of processors: 2 586 0x403
21:43:17.703 ComputerName: DBJXLM81 UserName: Mark
21:43:19.234 Initialize success
21:43:28.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:43:28.859 Disk 0 Vendor: ST3160023AS 8.12 Size: 152587MB BusType: 3
21:43:28.968 Disk 0 MBR read successfully
21:43:28.968 Disk 0 MBR scan
21:43:28.968 Disk 0 Windows XP default MBR code
21:43:28.968 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
21:43:28.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152546 MB offset 64260
21:43:28.968 Disk 0 scanning sectors +312480315
21:43:29.031 Disk 0 scanning C:\WINDOWS\system32\drivers
21:43:35.359 Service scanning
21:43:46.562 Modules scanning
21:43:57.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"
21:43:57.312 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-24 21:43:17
-----------------------------
21:43:17.703 OS Version: Windows 5.1.2600 Service Pack 3
21:43:17.703 Number of processors: 2 586 0x403
21:43:17.703 ComputerName: DBJXLM81 UserName: Mark
21:43:19.234 Initialize success
21:43:28.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:43:28.859 Disk 0 Vendor: ST3160023AS 8.12 Size: 152587MB BusType: 3
21:43:28.968 Disk 0 MBR read successfully
21:43:28.968 Disk 0 MBR scan
21:43:28.968 Disk 0 Windows XP default MBR code
21:43:28.968 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
21:43:28.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152546 MB offset 64260
21:43:28.968 Disk 0 scanning sectors +312480315
21:43:29.031 Disk 0 scanning C:\WINDOWS\system32\drivers
21:43:35.359 Service scanning
21:43:46.562 Modules scanning
21:43:57.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"
21:43:57.312 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt"
21:44:03.593 Disk 0 trace - called modules:
21:44:03.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:44:03.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b226ab8]
21:44:03.625 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b206d98]
21:44:03.625 Scan finished successfully
21:44:08.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"
21:44:08.546 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt"




FSS.txt

Farbar Service Scanner Version: 13-09-2013
Ran by Mark (administrator) on 24-09-2013 at 21:44:35
Running from "C:\Documents and Settings\Mark\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Checkup.txt

Results of screen317's Security Check version 0.99.73
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Please wait while WMIC is being installed.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Windows Defender Signatures
Windows Defender
Java™ 6 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````




Thanks,
Rob

[Nutloaf]

Thanks for the logs

It will take some time to go through these and I need my fix to be checked.

I will post as soon as possible

[Nutloaf]

Hi there, well the verdict is:

There are some leftovers from previous infections and an outdated Antivirus that isn't running so well. I ask you to remove AVG, remove some bad files with OTL and install a free Antivirus.


There are 2 steps to remove AVG. I'd like you to carry out both. If you encounter problems uninstalling AVG in step 1 then proceed with step 2 and get back to me


Please follow in the order given


1. Uninstall

I have asked for Ad-Aware to be uninstalled as this is a bit dated know. I have also included AVG in case the above tool failed.

• Click Start then select Control Panel
• In control panel click Add or Remove Programs and uninstall the following:
• Fast Browser Search Protection
• Ad-Aware
• AVG Security Toolbar
• AVG 2011

2. AVG Remover tool

• Use this link to Download the AVG Remover tool and save to your Desktop
• Double click the icon to run it and follow the instructions.
• Restart your computer when prompted.

3. OTL Fix

• Double click the OTL icon
• Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.
  

  :COMMANDS
  [CREATERESTOREPOINT]
  
  :OTL
  SRV - [2008/09/07 17:13:56 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
  SRV - [2013/08/15 04:30:07 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
  SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
  SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
  SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
  DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DP.sys -- (DP1112)
  
  IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
  IE - HKCU\..\URLSearchHook: {811FB681-61C2-4442-9C96-9F164F619ED7} - No CLSID value found
  IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-27DF8935B3B2}
  IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 09:19:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
  FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
  FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Mark\Application Data\nprhapengine.dll File not found
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/10 08:20:57 | 000,000,000 | ---D | M]
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/15 04:30:25 | 000,000,000 | ---D | M]
  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
  O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
  O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
  O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
  O4 - HKLM..\RunOnceEx: [] File not found
  O15 - HKCU\..Trusted Domains: amaena.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: imageservr.com ([locator.cdn] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: sysprotect.com ([scanner] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: systemdoctor.com ([]http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winantivirus.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winantiviruspro.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winsoftware.com ([download.cdn] http in Trusted sites)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
  O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
  O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
  O20 - Winlogon\Notify\9040a192382: DllName - (C:\WINDOWS\system32\__c00A574E.dat) - File not found
  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
  
  [2009/05/09 10:51:17 | 064,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\All Users\avg_free_stf_en_85_325a1500.exe
  [2013/09/24 18:21:14 | 138,126,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
  [2013/09/24 18:20:36 | 000,278,254 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
  [2007/07/17 16:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
  [2008/09/10 22:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\iWin
  [2011/02/22 09:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG10
  [2011/02/22 09:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
  
  @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5813BA5
  
  :FILES
  C:\StubInstaller.exe
  C:\Program Files\Lavasoft
  C:\Program Files\AVG Secure Search
  C:\Program Files\Common Files\AVG Secure Search
  C:\Program Files\AVG
  C:\Documents and Settings\All Users\Application Data\AVG Secure Search
  ipconfig /flushdns /c
  netsh winsock reset catalog /c
  netsh int ip reset c:\resetlog.txt /c
  ipconfig /release /c
  ipconfig /renew /c
  netsh firewall reset /c
  
  :COMMANDS
  [EMPTYTEMP]
  

• Then click Run Fix
• Click O.K if asked to Reboot.
• An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
• Copy and Paste the Fix Log in your next reply.

4. Run ADWcleaner

• Using this link Download ADWcleaner and save to Desktop.
• Double click ADWcleaner then select Scan
• When the search is complete click Report. Please post this report in your next reply.

5. INSTALL ANTIVIRUS

AVAST offers great free protection and also informs you of software updates which is important for security.

• Avast Free Antivirus
• Click Download then select No, thanks I want free protection
• Click the Green Download Now button and follow the prompts to install
• Run a Quick scan and let me know if and what is found.

Things I want to see in your next post.

• OTL fix.txt
• ADWcleaner log
• AVAST scan items found?

[robkbriggs]

Hi,
I'm working my way through the list. Just one thing, I removed Fast Browser Search Protection, but there is still an entry in Add\Remove programs for Fast Browser Search. Is that a concern?


Thanks,
Rob

[Nutloaf]

Hi

Thanks for letting me know. I will remove this in a later post

[robkbriggs]

Hello,

I'm running OTL according to the directions, but it has been sitting with a 'Not Responding' message on the window for over two hours. Should I just leave it?

Thanks,
Rob

[Nutloaf]

Hi there can you tell me at what point in the fix it's stuck on. I can then edit the fix or take appropriate action. If you are not sure then let me know that O.K?

[robkbriggs]

It did not show which part of the fix that it was on. I copied the text in and selected 'Run Fix'. When I came back later the screen saver was on, I moved the mouse, and all it showed was not responding, and the OTL window was just white. I let it sit all night, and then just turned the PC off this morning.

[Nutloaf]

O.K

Can you turn the screensaver off for me until we are done

Can you try that fix for me once more. If it freezes again, note where then:

If OTL is not responding then simply press CTRL-ALT-DEL to start Task Manager. select OTL and End Task. If the fix fails to go through then proceed as follows:


Sometimes OTL can hang on Firefox lines, I have removed those lines so could you try this fix instead

Ammended OTL Fix

• Double click the OTL icon
• Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.
  

  :COMMANDS
  [CREATERESTOREPOINT]
  
  :OTL
  SRV - [2008/09/07 17:13:56 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
  SRV - [2013/08/15 04:30:07 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
  SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
  SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
  SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
  DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DP.sys -- (DP1112)
  
  IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
  IE - HKCU\..\URLSearchHook: {811FB681-61C2-4442-9C96-9F164F619ED7} - No CLSID value found
  IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-27DF8935B3B2}
  IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 09:19:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
  O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
  O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
  O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
  O4 - HKLM..\RunOnceEx: [] File not found
  O15 - HKCU\..Trusted Domains: amaena.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: imageservr.com ([locator.cdn] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: sysprotect.com ([scanner] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: systemdoctor.com ([]http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winantivirus.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winantiviruspro.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winsoftware.com ([download.cdn] http in Trusted sites)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
  O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
  O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
  O20 - Winlogon\Notify\9040a192382: DllName - (C:\WINDOWS\system32\__c00A574E.dat) - File not found
  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
  O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
  
  [2009/05/09 10:51:17 | 064,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\All Users\avg_free_stf_en_85_325a1500.exe
  [2013/09/24 18:21:14 | 138,126,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
  [2013/09/24 18:20:36 | 000,278,254 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
  [2007/07/17 16:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
  [2008/09/10 22:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\iWin
  [2011/02/22 09:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG10
  [2011/02/22 09:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
  
  @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5813BA5
  
  :FILES
  C:\StubInstaller.exe
  C:\Program Files\Lavasoft
  C:\Program Files\AVG Secure Search
  C:\Program Files\Common Files\AVG Secure Search
  C:\Program Files\AVG
  C:\Documents and Settings\All Users\Application Data\AVG Secure Search
  ipconfig /flushdns /c
  netsh winsock reset catalog /c
  netsh int ip reset c:\resetlog.txt /c
  ipconfig /release /c
  ipconfig /renew /c
  netsh firewall reset /c
  
  :COMMANDS
  [EMPTYTEMP]
  

• Then click Run Fix
• Click O.K if asked to Reboot.
• An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
• Copy and Paste the Fix Log in your next reply.

[robkbriggs]

It appears that it is hanging on this line

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

After you asked me to turn the screen saver off and rerun, I did. When I returned home just now, it was still sitting at that point. It was at the same point when I left, which was over 5 hours ago.

Edited by robkbriggs, 26 September 2013 - 06:44 PM.

[Nutloaf]

Thanks for the info. Did AVG uninstall O.K?

I have edited the fix so this should run O.K

OTL Fix

• Double click the OTL icon
• Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.
  

  :COMMANDS
  [CREATERESTOREPOINT]
  
  :OTL
  SRV - [2008/09/07 17:13:56 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
  SRV - [2013/08/15 04:30:07 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
  SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
  SRV - [2011/11/10 07:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
  SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
  DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DP.sys -- (DP1112)
  
  IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
  IE - HKCU\..\URLSearchHook: {811FB681-61C2-4442-9C96-9F164F619ED7} - No CLSID value found
  IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...3-27DF8935B3B2}
  IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 09:19:34&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
  FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
  FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Mark\Application Data\nprhapengine.dll File not found
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/10 08:20:57 | 000,000,000 | ---D | M]
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/15 04:30:25 | 000,000,000 | ---D | M]
  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
  O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
  O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
  O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
  O4 - HKLM..\RunOnceEx: [] File not found
  O15 - HKCU\..Trusted Domains: amaena.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: imageservr.com ([locator.cdn] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: sysprotect.com ([scanner] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: systemdoctor.com ([]http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winantivirus.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winantiviruspro.com ([www] http in Trusted sites)
  O15 - HKCU\..Trusted Domains: winsoftware.com ([download.cdn] http in Trusted sites)
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
  O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
  O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
  O20 - Winlogon\Notify\9040a192382: DllName - (C:\WINDOWS\system32\__c00A574E.dat) - File not found
  
  [2009/05/09 10:51:17 | 064,470,784 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\All Users\avg_free_stf_en_85_325a1500.exe
  [2013/09/24 18:21:14 | 138,126,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
  [2013/09/24 18:20:36 | 000,278,254 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
  [2007/07/17 16:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
  [2008/09/10 22:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\iWin
  [2011/02/22 09:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\AVG10
  [2011/02/22 09:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
  
  @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5813BA5
  
  :FILES
  C:\StubInstaller.exe
  C:\Program Files\Lavasoft
  C:\Program Files\AVG Secure Search
  C:\Program Files\Common Files\AVG Secure Search
  C:\Program Files\AVG
  C:\Documents and Settings\All Users\Application Data\AVG Secure Search
  ipconfig /flushdns /c
  netsh winsock reset catalog /c
  netsh int ip reset c:\resetlog.txt /c
  ipconfig /release /c
  ipconfig /renew /c
  netsh firewall reset /c
  
  :COMMANDS
  [EMPTYTEMP]
  

• Then click Run Fix
• Click O.K if asked to Reboot.
• An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
• Copy and Paste the Fix Log in your next reply.

[robkbriggs]

Yes,
AVG Uninstalled without incident. I'll run OTL with the updated fix and report back.

[Nutloaf]