Opening The Internet Brings PC To A Standstill [Solved]



#16
robkbriggs


    Member

  • Topic Starter
  • 152 posts
Here is the OTL Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named aawservice was found to stop!
Service\Driver key aawservice not found.
File C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe not found.
Error: No service named vToolbarUpdater15.5.0 was found to stop!
Service\Driver key vToolbarUpdater15.5.0 not found.
File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe not found.
Error: No service named AVGIDSAgent was found to stop!
Service\Driver key AVGIDSAgent not found.
File C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe not found.
Error: No service named AVG Security Toolbar Service was found to stop!
Service\Driver key AVG Security Toolbar Service not found.
File C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe not found.
Error: No service named avgwd was found to stop!
Service\Driver key avgwd not found.
File C:\Program Files\AVG\AVG10\avgwdsvc.exe not found.
Error: No service named DP1112 was found to stop!
Service\Driver key DP1112 not found.
File C:\WINDOWS\system32\Drivers\DP.sys not found.
C:\Documents and Settings\All Users\avg_free_stf_en_85_325a1500.exe moved successfully.
File C:\WINDOWS\System32\drivers\AVG\incavi.avm not found.
File C:\WINDOWS\System32\drivers\AVG\iavichjg.avm not found.
C:\Documents and Settings\All Users\Application Data\iWin Games\opal folder moved successfully.
C:\Documents and Settings\All Users\Application Data\iWin Games\drm\data folder moved successfully.
C:\Documents and Settings\All Users\Application Data\iWin Games\drm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\iWin Games folder moved successfully.
C:\Documents and Settings\Mark\Application Data\iWin\jewelquest2_aol folder moved successfully.
C:\Documents and Settings\Mark\Application Data\iWin folder moved successfully.
Folder C:\Documents and Settings\Mark\Application Data\AVG10\ not found.
C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D5813BA5 deleted successfully.
========== FILES ==========
C:\StubInstaller.exe moved successfully.
File\Folder C:\Program Files\Lavasoft not found.
File\Folder C:\Program Files\AVG Secure Search not found.
File\Folder C:\Program Files\Common Files\AVG Secure Search not found.
C:\Program Files\AVG\AVG8\log folder moved successfully.
C:\Program Files\AVG\AVG8 folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\components folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\skin folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons\default folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\icons folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\libs folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\Languages folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content\html folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome\content folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared\chrome folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox\avg@igeared folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old\Firefox folder moved successfully.
C:\Program Files\AVG\AVG10\Toolbar.old folder moved successfully.
C:\Program Files\AVG\AVG10 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\AVG Secure Search not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.1.18
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
< netsh firewall reset /c >
Ok.
C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 8769238 bytes

User: Mark
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297627930 bytes
->Java cache emptied: 58158221 bytes
->Flash cache emptied: 2110244 bytes

User: NetworkService
->Temp folder emptied: 1103988 bytes
->Temporary Internet Files folder emptied: 62789815 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2328896 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 24192 bytes
Windows Temp folder emptied: 331825836 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 403654655 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1526258614 bytes

Total Files Cleaned = 2,570.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09262013_191857

Files\Folders moved on Reboot...
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\123JQFVQ\page__gopid__2335019[1].htm moved successfully.
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Here is the ADW Log

# AdwCleaner v3.005 - Report created 26/09/2013 at 19:29:28
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mark - DBJXLM81
# Running from : C:\Documents and Settings\Mark\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Temp\Uninstall.exe
File Found : C:\Temp\Uninstall.exe
File Found : C:\Temp\Uninstall.exe
File Found : C:\Temp\Uninstall.exe
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found C:\Program Files\Fast Browser Search

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [6170 octets] - [26/09/2013 19:29:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6230 octets] ##########


Avast found threats, but I don't know how to get the log file.
  • 0



#17
Nutloaf


    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there.

Can you take a screenshot and post it here?

Here's how:

On the Avast screen, click Maintenance - Scan Logs, select the scan and click View Results. Click the results window and press ALT + PrtScrn. Now open Paint, select Paste, save the image to your Desktop and attach it in your post.
  • 0

#18
Nutloaf


    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there :)

Forget the Screenshot unless you have done that. The Avast logs are in the following location:

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report (or \log) - Date and Time of the scan.

This will be a text file that you can copy and paste in your reply.



In the meantime you can carry on with the next step :thumbsup:

We need to remove what ADWcleaner found and check for leftovers with JRT. I notice you have Malwarebytes installed; we will use this and an ESET scan. The ESET scan may take a few hours or more to finish.


1. Run ADWcleaner

  • Double click ADWcleaner then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for; click O.K
  • On reboot a log will be produced, please post in your next reply.

2. Junkware Removal Tool

  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Double click JRT.exe
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

3. UPDATE AND RUN MALWAREBYTES

You have Malwarebytes currently installed on the PC
  • Open Malwarebytes, select the Updates Tab, select Check for Updates and click O.K
  • Once complete, click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete, click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed; please proceed if asked.
  • If a reboot was needed, the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log. I need to see this.

4. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For Taskbar, right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Things I want to see in your next post.

  • ADWcleaner log
  • JRT.txt
  • Malwarebytes results
  • ESET results
  • Avast log.

  • 0

#19
robkbriggs


    Member

  • Topic Starter
  • 152 posts
adwcleaner Log

# AdwCleaner v3.005 - Report created 27/09/2013 at 17:31:09
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mark - DBJXLM81
# Running from : C:\Documents and Settings\Mark\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\Fast Browser Search
File Deleted : C:\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [6310 octets] - [26/09/2013 19:29:28]
AdwCleaner[R1].txt - [6370 octets] - [27/09/2013 17:30:21]
AdwCleaner[S0].txt - [6249 octets] - [27/09/2013 17:31:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6309 octets] ##########


JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Mark on Sat 09/28/2013 at 9:04:13.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/28/2013 at 9:10:03.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


MalwareBytes Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.28.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mark :: DBJXLM81 [administrator]

9/28/2013 10:31:22 AM
mbam-log-2013-09-28 (10-31-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384123
Time elapsed: 1 hour(s), 26 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\AdwCleaner\Quarantine\C\Program Files\Fast Browser Search\IE\fastbrowsersearchprotection.exe.vir.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Fast Browser Search\IE\fbsprotectioninstall.exe.vir.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Fast Browser Search\IE\fbstoolbar.exe.vir.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Fast Browser Search\IE\update.exe.vir (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2925\A0143876.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\02000000fda5dbccC.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\02000000fda5dbccO.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\02000000fda5dbccP.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\02000000fda5dbccR.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\02000000fda5dbccS.manifest (Malware.Trace) -> Quarantined and deleted successfully.

(end)


Eset online scan log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d5dba1d0aee7424c827b6d53f28da49b
# engine=15293
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-28 07:43:41
# local_time=2013-09-28 01:43:41 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777214 85 91 0 156185693 0 0
# compatibility_mode=5892 16776574 100 100 212075289 236570297 0 0
# scanned=166273
# found=16
# cleaned=0
# scan_time=4248
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Documents and Settings\Mark\My Documents\SmitfraudFix\Process.exe"
sh=904552C6D3D62C2C2897565F3DAD5FF5F92A4500 ft=1 fh=78f1739f17135b7d vn="Win32/Shutdown.NAA application" ac=I fn="C:\Documents and Settings\Mark\My Documents\SmitfraudFix\restart.exe"
sh=80F6E90201CC00B33019FBDB4B2AF2B71D549C40 ft=1 fh=1e5f2913e1eb3d3a vn="probably a variant of Win32/Adware.AVSystemCare application" ac=I fn="C:\Temp\NI.UWA6P_0001_N69M0303\setup.exe.vir"
sh=17ACB7A0FCC4F71A999487DA3C0730726F3E8D76 ft=0 fh=0000000000000000 vn="Win32/Adware.Antivirus2008 application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\34[1].htm"
sh=AB35D1951F039BC1D2F43C7D0FB8141D23CEF847 ft=0 fh=0000000000000000 vn="Win32/Adware.Antivirus2008 application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\35[1]"
sh=67A8B2A4475DD6390EDDDD2B37D19A1159766386 ft=0 fh=0000000000000000 vn="Win32/Adware.Antivirus2008 application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\35[1].htm"
sh=FB465115A0C6B5D22DD01C53330846B9C674D006 ft=0 fh=0000000000000000 vn="Win32/Adware.SpyShredder application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[1].htm"
sh=E39D80112443A36AA7C3B48F2F492D2DD5D7CED6 ft=0 fh=0000000000000000 vn="Win32/Adware.SpyShredder application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[2].htm"
sh=0281F44946D0A7ECD1962822FD4BECBE745992B3 ft=0 fh=0000000000000000 vn="Win32/Adware.Antivirus2008 application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\MVC3ZSTS\scanner.powerantivirus-2009[1]"
sh=FFF3CFA5FB19A66BC5A9468A9BA236482D47AA24 ft=0 fh=0000000000000000 vn="Win32/Adware.Antivirus2008 application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\MVC3ZSTS\scanner.powerantivirus-2009[1].htm"
sh=04F8017ECC9735EAF28A5A64ED6D0184F133E876 ft=0 fh=0000000000000000 vn="Win32/Adware.Antivirus2008 application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\U8M9N1WC\35[1].htm"
sh=AF6A3422F4B41995CCB901F27DC2B0044C27AAC7 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO application" ac=I fn="C:\WINDOWS\system32\accdd.bak1"
sh=7511B85E35E2B74DD458944E036D6E866C249870 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO application" ac=I fn="C:\WINDOWS\system32\accdd.bak2"
sh=811A3B997A53DBE2C7948EB8B489613306EC3EA2 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO application" ac=I fn="C:\WINDOWS\system32\accdd.ini"
sh=563308E482871767DA824F73569382B28F4008BD ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO application" ac=I fn="C:\WINDOWS\system32\accdd.ini2"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\WINDOWS\system32\Process.exe"


Avast Log

*
* avast! Scan Report
* This file is generated automatically
*
* Scan name: Quick scan
* Started on: Thursday, September 26, 2013 8:08:45 PM
* VPS: 130926-2, 09/26/2013
*

C:\Temp\Temporary Internet Files\Content.IE5\U8M9N1WC\fileslist[1].js [L] JS:FakeAV-FF [Trj] (0)
C:\Temp\Temporary Internet Files\Content.IE5\MVC3ZSTS\scanner.powerantivirus-2009[1].htm [L] JS:FakeAV-EL [Trj] (0)
C:\Temp\Temporary Internet Files\Content.IE5\U8M9N1WC\35[1].htm [L] JS:FakeAV-EL [Trj] (0)
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[2].htm [L] JS:FakeAV-EL [Trj] (0)
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[1].htm [L] JS:FakeAV-EL [Trj] (0)
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\34[1].htm [L] JS:FakeAV-EL [Trj] (0)
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\35[1].htm [L] JS:FakeAV-EL [Trj] (0)
Infected files: 7
Total files: 48399
Total folders: 11283
Total size: 15.1 GB

*
* Scan stopped: Thursday, September 26, 2013 8:35:25 PM
* Run-time was 26 minute(s), 40 second(s)
*

#20
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Phew quite a bit removed there! There are a couple of things to look at here so bear with me for the next post.


In the meantime how is the PC running now?

#21
robkbriggs

    Member

  • Topic Starter
  • Member
  • 152 posts
It seems like it's running a lot better.

#22
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
:thumbsup: Great news. The items found, at first glance, seem to be everything we have been targeting so far :)

My next post will have to be cleared by my instructor and I have some things to look over here, so you should receive my next post tomorrow.

Thanks for sticking with me, Nutloaf.

#23
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, we need to clean what ESET found and update Java and Adobe. I have asked for another OTL scan to see the state of play on the machine.


1. OTL Fix

  • Double click the OTL icon.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :FILES
    C:\Documents and Settings\Mark\My Documents\SmitfraudFix
    C:\WINDOWS\system32\accdd.bak1
    C:\WINDOWS\system32\accdd.bak2
    C:\WINDOWS\system32\accdd.ini
    C:\WINDOWS\system32\accdd.ini2
    C:\WINDOWS\system32\Process.exe
    C:\Temp\NI.UWA6P_0001_N69M0303
    C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\34[1].htm
    C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\35[1].htm
    C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[1].htm
    C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[2].htm
    C:\Temp\Temporary Internet Files\Content.IE5\MVC3ZSTS\scanner.powerantivirus-2009[1]
    C:\Temp\Temporary Internet Files\Content.IE5\MVC3ZSTS\scanner.powerantivirus-2009[1].htm
    C:\Temp\Temporary Internet Files\Content.IE5\U8M9N1WC\35[1].htm
    C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\35[1]

    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Fast Browser SearchP"=-
    [-HKEY_CLASSES_ROOT\protector_dll.protectorbho]
    [-HKEY_CLASSES_ROOT\protector_dll.protectorbho.1]

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click OK if asked to reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


2. Do You Need Java? Please read:

  • Java is one of the most exploited pieces of software at this time, and the majority of home users can do without it. Installing the latest updates is also important.
  • The easiest way to find out if Java is needed is to disable Java in your web browser. (see link below)
  • If a trusted program or webpage asks for Java then enable it, otherwise Uninstall completely using JavaRa

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to keep Java and install the latest version.
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

3. UPDATE ADOBE

Adobe is bundled with Chrome, Google toolbar and/or McAfee Security Scan. Uncheck the boxes before downloading Flash player.



4. OTL Scan

  • Double click the OTL icon.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    C:\Documents and Settings\Mark\Application Data\02000000f* /s

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply


Things I want to see in your next post.

  • OTL fix.txt
  • OTL.txt
  • Are there any other problems?
  • Are the browsers functioning?

  • 0
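Added example (not part of the original posts and not code from ESET or OTL): a Python sketch of the step behind the fix above, reading the ESET log format posted earlier in this thread and turning its detections into a list for a helper to review. The function names are hypothetical, and the reading of `sh` as the file hash, `vn` as the detection name and `fn` as the file path is an assumption inferred from the log itself.

```python
import re

# Four detection lines copied from the ESET log in this thread. The three
# header lines are a constructed, trimmed header so that found= matches
# the excerpt.
SAMPLE_LOG = r'''# remove_checked=false
# found=4
# cleaned=0
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\Documents and Settings\Mark\My Documents\SmitfraudFix\Process.exe"
sh=811A3B997A53DBE2C7948EB8B489613306EC3EA2 ft=0 fh=0000000000000000 vn="Win32/Adware.Virtumonde.NEO application" ac=I fn="C:\WINDOWS\system32\accdd.ini"
sh=FB465115A0C6B5D22DD01C53330846B9C674D006 ft=0 fh=0000000000000000 vn="Win32/Adware.SpyShredder application" ac=I fn="C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[1].htm"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\WINDOWS\system32\Process.exe"
'''

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Return (header, detections) parsed from ESET Online Scanner log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
        elif line.startswith("sh="):
            fields = {}
            for m in PAIR.finditer(line):
                quoted, bare = m.group(2), m.group(3)
                fields[m.group(1)] = quoted if quoted is not None else bare
            if "fn" in fields:  # a line cut off before the path is not usable
                detections.append(fields)
    return header, detections


def counts_consistent(header, detections):
    """True when the header's found= equals the number of lines parsed.

    A mismatch means the pasted log is truncated or mangled.
    """
    return int(header.get("found", -1)) == len(detections)


def left_on_disk(header):
    """True when the scanner reported more detections than it cleaned."""
    return int(header.get("cleaned", 0)) < int(header.get("found", 0))


def paths_by_hash(detections):
    """Group paths by hash so identical copies of one file show up together."""
    groups = {}
    for d in detections:
        groups.setdefault(d["sh"].upper(), []).append(d["fn"])
    return groups


def draft_files_block(detections):
    """Build a draft :FILES section (unique paths, first-seen order).

    This is a starting point for a human reviewer, who may widen an entry
    to its parent folder or drop one, as the helper did in the fix above.
    """
    seen, lines = set(), [":FILES"]
    for d in detections:
        key = d["fn"].lower()  # Windows paths compare case-insensitively
        if key not in seen:
            seen.add(key)
            lines.append(d["fn"])
    return "\n".join(lines)


if __name__ == "__main__":
    header, detections = parse_eset_log(SAMPLE_LOG)
    print("log complete:", counts_consistent(header, detections))
    print("still on disk:", left_on_disk(header))
    for digest, paths in paths_by_hash(detections).items():
        if len(paths) > 1:
            print("same file at", len(paths), "paths:", digest)
    print(draft_files_block(detections))
```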

#24
robkbriggs

    Member

  • Topic Starter
  • Member
  • 152 posts
OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\Mark\My Documents\SmitfraudFix folder moved successfully.
C:\WINDOWS\system32\accdd.bak1 moved successfully.
C:\WINDOWS\system32\accdd.bak2 moved successfully.
C:\WINDOWS\system32\accdd.ini moved successfully.
C:\WINDOWS\system32\accdd.ini2 moved successfully.
C:\WINDOWS\system32\Process.exe moved successfully.
C:\Temp\NI.UWA6P_0001_N69M0303 folder moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\34[1].htm moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\35[1].htm moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[1].htm moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\5[2].htm moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\MVC3ZSTS\scanner.powerantivirus-2009[1] moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\MVC3ZSTS\scanner.powerantivirus-2009[1].htm moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\U8M9N1WC\35[1].htm moved successfully.
C:\Temp\Temporary Internet Files\Content.IE5\DR717HRC\35[1] moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Fast Browser SearchP not found.
Registry value HKEY_CLASSES_ROOT\protector_dll.protectorbho\\ deleted successfully.
Registry value HKEY_CLASSES_ROOT\protector_dll.protectorbho.1\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mark
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 23270817 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 694 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 148587155 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10285040 bytes

Total Files Cleaned = 174.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09292013_094217

Files\Folders moved on Reboot...
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\JPWZAV6N\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL Scan Log

OTL logfile created on: 9/29/2013 09:53:17 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 86.38% Memory free
7.31 Gb Paging File | 7.01 Gb Available in Paging File | 95.87% Paging File free
Paging file location(s): C:\pagefile.sys 4096 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 95.18 Gb Free Space | 63.89% Space Free | Partition Type: NTFS

Computer Name: DBJXLM81 | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/24 10:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2013/08/30 01:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/29 02:17:10 | 002,102,784 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13092900\algo.dll
MOD - [2008/01/24 19:26:36 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- -- (ccPwdSvc)
SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
SRV - [2013/09/25 18:42:57 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/04/03 18:12:14 | 000,014,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/30 17:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/30 01:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 01:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 01:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 01:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 01:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/08/30 01:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 01:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 01:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/06/22 08:58:22 | 000,024,576 | ---- | M] (NT Kernel Resources) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\ndisrd.sys -- (NDISRD)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/10/10 21:10:51 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/06/16 15:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 09:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 08:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 08:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 08:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 08:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/15 14:33:52 | 000,123,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/08/04 17:47:00 | 000,205,220 | ---- | M] (Jungo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\windrvr.sys -- (WinDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2008/09/09 20:44:54 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006..\Run: [mSpotAlltelRemix] C:\Program Files\Alltel Music Connect\Remix\msptcmd.exe (MSpot)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\betsp.dll (Aventail Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\betsp.dll (Aventail Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1129833835296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1143075791750 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{343207A7-E769-42E8-A835-CC433AC6851C}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{495557ec-9779-11e0-8c69-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8d0e6f6-cee9-11de-8c1d-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell - "" = AutoRun
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f277d0d2-fac0-11dd-bb71-00142232af4b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/29 09:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\JavaRa
[2013/09/28 12:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/28 10:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/28 10:29:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/28 10:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/28 09:04:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/27 17:29:45 | 001,030,305 | ---- | C] (Thisisu) -- C:\Documents and Settings\Mark\Desktop\JRT.exe
[2013/09/26 19:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/09/26 19:32:48 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/09/26 19:32:48 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/09/26 19:32:46 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/09/26 19:32:46 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/09/26 19:32:45 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/09/26 19:32:43 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/09/26 19:32:43 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/09/26 19:32:09 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/09/26 19:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/26 19:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/26 19:29:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/25 19:48:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/25 18:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\TuneUp Software
[2013/09/24 21:26:01 | 000,358,923 | ---- | C] (Farbar) -- C:\Documents and Settings\Mark\Desktop\FSS.exe
[2013/09/24 21:25:52 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mark\Desktop\aswmbr.exe
[2013/09/24 10:40:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2007/01/21 22:11:49 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmmdm.sys
[2007/01/21 22:11:49 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmserd.sys
[2007/01/21 22:11:49 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmbus.sys
[2007/01/21 22:11:49 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmmdfl.sys
[2007/01/21 22:11:49 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmcmnt.sys
[2007/01/21 22:11:49 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmwhnt.sys
[2007/01/21 22:11:49 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Mark\mqdmcr.sys
[2006/10/10 21:10:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mark\usbsermptxp.sys
[2006/10/10 21:10:51 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mark\usbsermpt.sys

========== Files - Modified Within 30 Days ==========

[2013/09/29 09:45:18 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/29 09:44:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/29 09:44:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/29 09:44:01 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/29 09:41:54 | 000,160,350 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\JavaRa.zip
[2013/09/28 10:30:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/27 17:29:51 | 001,030,305 | ---- | M] (Thisisu) -- C:\Documents and Settings\Mark\Desktop\JRT.exe
[2013/09/26 19:32:49 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/26 19:32:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/26 13:38:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My PhotoParades.lnk
[2013/09/25 18:54:11 | 131,918,888 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\avast_free_antivirus_setup.exe
[2013/09/25 18:48:57 | 001,042,066 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\AdwCleaner.exe
[2013/09/25 18:42:58 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/25 18:28:45 | 138,239,079 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2013/09/24 21:44:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\MBR.dat
[2013/09/24 21:26:19 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\SecurityCheck.exe
[2013/09/24 21:26:05 | 000,358,923 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark\Desktop\FSS.exe
[2013/09/24 21:25:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark\Desktop\aswmbr.exe
[2013/09/24 10:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2013/09/24 04:46:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/24 01:58:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/09/23 22:19:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/23 22:19:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/09/19 08:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/18 03:29:42 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/18 03:10:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2013/09/29 09:41:53 | 000,160,350 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\JavaRa.zip
[2013/09/28 10:30:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 19:32:49 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/26 19:32:45 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/09/26 19:32:45 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/09/26 19:32:44 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/25 18:53:32 | 131,918,888 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\avast_free_antivirus_setup.exe
[2013/09/25 18:48:56 | 001,042,066 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\AdwCleaner.exe
[2013/09/25 18:42:58 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/24 21:43:57 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\MBR.dat
[2013/09/24 21:26:13 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\SecurityCheck.exe
[2013/09/23 22:18:49 | 3747,753,984 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 22:49:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/08 15:15:16 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Mark\webct_upload_applet.properties
[2008/07/19 21:09:34 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\mcs.rma
[2008/07/19 21:09:34 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\D1C45D
[2007/06/10 13:00:22 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Mark\presets.ini
[2007/01/21 22:11:49 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_MDM.INF
[2007/01/21 22:11:49 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_BUS.INF
[2007/01/21 22:11:49 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Mark\MCCI_SDM.INF
[2007/01/21 22:11:44 | 000,015,682 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem19.PNF
[2007/01/21 22:11:44 | 000,013,998 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem15.PNF
[2007/01/21 22:11:44 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem16.PNF
[2007/01/21 22:11:44 | 000,012,682 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem17.PNF
[2007/01/21 22:11:44 | 000,012,348 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem18.PNF
[2007/01/21 22:11:44 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem19.inf
[2007/01/21 22:11:44 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Mark\1169439104-(null)
[2007/01/21 22:11:44 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem17.inf
[2007/01/21 22:11:44 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem16.inf
[2007/01/21 22:11:44 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Mark\Copy of oem18.inf
[2006/10/29 16:04:10 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/10 21:10:51 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Mark\USB_MOT_BRIT.INF
[2006/10/10 21:10:51 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Mark\USBMOT2000.INF
[2006/10/10 21:10:51 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Mark\USBMOT2000XP.INF
[2006/10/10 21:10:51 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Mark\USB_MOT_A1000.INF
[2006/10/10 21:10:51 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Mark\USB_CMCS_2000.INF

========== ZeroAccess Check ==========

[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 19:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/26 19:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/10/11 17:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2011/02/22 09:02:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/25 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/02/11 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/01/31 19:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Punch! Software
[2012/02/08 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2011/02/22 07:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/11 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/12/12 09:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2006/10/11 17:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Aventail
[2007/01/02 16:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Image Zone Express
[2007/08/16 18:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\InterTrust
[2005/10/29 14:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Leadertech
[2013/09/24 20:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\PhotoParade
[2011/01/31 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Punch! Software
[2009/04/26 22:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Snapfish
[2012/02/08 18:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\TaxCut
[2013/09/25 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\TuneUp Software

========== Custom Scans ==========

< C:\Documents and Settings\Mark\Application Data\02000000f* /s >
[2004/08/11 16:00:23 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/08/11 16:20:17 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2006/09/10 08:23:32 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2007/05/06 17:24:39 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2010/02/04 23:02:55 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/02/04 23:02:56 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/06/03 02:23:55 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/09/25 18:42:58 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013/09/26 19:32:44 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

< >

< >

< >

< End of report >


I ran JavaRa and removed Java, although it removed only the newest version. It still shows Java 6 update 11, J2SE version 5 update 8, and Java 2 Runtime Environment 1.4.2_03 in Add/Remove Programs. Would it be all right to uninstall those?

I made sure that Flash is updated to the latest version. I have noticed that in addition to Adobe Reader XI, Adobe Acrobat Reader 5.1 is installed. Would it be okay to uninstall that?

I think the PC is running fine for a PC of its age. As far as I know, the only thing it is used for is that my uncle checks his email and does his online banking on it. At one time they used it as a family PC, so there are pictures, documents, tax files, etc. on it that are from his kids and wife. I don't want to get rid of any of that stuff. One thing that I personally would like to remove are the online games that have been downloaded. I don't know about the ones he has on here specifically, but I know that in general, they are pretty notorious for adding crapware on to a PC. From what he said, he doesn't play any of them, so it won't be a loss. I would also like to uninstall any toolbars that are on it. The only browser he uses is IE. Also, there is a folder at C:\Temp that is approximately 7.3 GB. Would there be any reason not to clean it out?

Thanks,
Rob

#25
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi, I have a post nearly ready for my instructor to pass, addressing all the issues above. One thing though: can you tell me what is in the C:\Temp folder that is approximately 7.3 GB?


#26
robkbriggs

    Member

  • Topic Starter
  • Member
  • 152 posts
Sure,
It looks like the majority of them (about 6.6 GB) are temporary folders left over from transferring photos from a camera to the PC. In the Environment Variables, the user variables for this user are set to C:\Temp for both Temp and TMP, instead of C:\Documents and Settings\%username%\Local Settings\Temp. I'd be happy to send a screen shot.

#27
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for the info Rob.

They are probably old files that are no longer needed if the transfer of photos went well.

I will put all this info and my fix forward to my guru :) and have a post for you tomorrow :thumbsup:

#28
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there :)


Regarding Java, if you no longer want it then yes, uninstall the items I have listed below.

Adobe Reader XI makes it possible to read PDF files on the web and may come in handy so keep this and keep it updated.

Adobe Acrobat Reader 5.1: this is only needed if you want to create PDF files, so it can go if of no use. Adobe items like Flash and Reader need to be regularly updated to keep secure; Avast will prompt you :)

Yahoo can also go if not wanted. If Yahoo! mail is used then this can be accessed online.

I have also listed the games I can see installed. One, however, I am not sure about; it is called HighRoller. If this is a game, then I have listed it below.

If you decide to keep any of the programs listed below then DO NOT RUN THE OTL FIX; let me know and I can edit the items out.


1. Uninstalls

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Adobe Acrobat Reader 5.1
  • Google Toolbar for Internet Explorer
  • Google Toolbar for Internet Explorer - This may be listed twice
  • Java™ 6 Update 11
  • J2SE Runtime Environment 5.0 Update 8
  • Java 2 Runtime Environment, SE v1.4.2_03
  • MSN Toolbar
  • Spelling Dictionaries Support For Adobe Reader 9
  • Yahoo! Toolbar for Internet Explorer
  • Yahoo! Browser Services
  • Yahoo! Internet Mail
  • Yahoo! Toolbar
  • Yahoo! Install Manager

Installed Games


HighRoller
Hard Rock Casino
iWin Games
Jewel Quest II


2. OTL Fix

Do Not Run Fix If Keeping Any Of The Uninstalls

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-1541527789-1678929206-1904854788-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
    O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2011/01/31 18:56:38 | 000,000,000 | ---D | M]
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
    [2013/09/25 18:28:45 | 138,239,079 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
    [2013/09/25 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\TuneUp Software
    [2012/12/12 09:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
    [2006/11/11 21:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

    :REG
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "TBSB07183.TBSB07183Toolbar"=-

    :FILES
    C:\Program Files\Yahoo!
    C:\Program Files\Java
    C:\Program Files\MSN Apps\MSN Toolbar

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


3. DEFRAGMENT HARD DRIVE

According to Security Check the drive is 6% fragmented so a defrag is a good idea.

  • Click Start then click My Computer
  • Right-click Local Disk C: then click Properties.
  • On the Tools tab click Defragment Now
  • Click Defragment


Things I want to see in your next post.

  • OTL fix.txt
  • Has the Fast Browser icon been removed from Add or Remove Programs?
  • Is the 7GB folder inside the C:\Temp folder empty?
  • All O.K. with PC?


#29
robkbriggs

I'm running a defrag right now.

Here is the OTL Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
C:\Program Files\Yahoo!\Common\yiesrvc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\ deleted successfully.
C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
File us\msntb.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1541527789-1678929206-1904854788-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
File us\msntb.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Yahoo! Search\ deleted successfully.
C:\Program Files\Yahoo!\Common\icons folder moved successfully.
C:\Program Files\Yahoo!\Common folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Dictionary\ deleted successfully.
File C:\Program Files\Yahoo!\Common not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &Maps\ deleted successfully.
File C:\Program Files\Yahoo!\Common not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Yahoo! &SMS\ deleted successfully.
File C:\Program Files\Yahoo!\Common not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ not found.
File C:\Program Files\Yahoo!\Common\yiesrvc.dll not found.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
C:\Program Files\Yahoo!\Common\yinst.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\system32\drivers\AVG\incavi.avm.prepare moved successfully.
C:\Documents and Settings\Mark\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\Mark\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\Mark\Application Data\TuneUp Software folder moved successfully.
C:\Documents and Settings\Default User\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\Default User\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\TuneUp Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Persistent\resources\profiles folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Persistent\resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Persistent folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\updates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\Resources\Levels\ScreenShots folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\Resources\Levels folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\Resources\BonusMaps\2_MonkeyPlayground folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\Resources\BonusMaps\1_PenguinPlayground folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\Resources\BonusMaps\1_Penguin folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\Resources\BonusMaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins\Cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent\penguins folder moved successfully.
C:\Documents and Settings\All Users\Application Data\WildTangent folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\TBSB07183.TBSB07183Toolbar not found.
========== FILES ==========
C:\Program Files\Yahoo!\Shared\Graphics\Maverick folder moved successfully.
C:\Program Files\Yahoo!\Shared\Graphics\Indigo folder moved successfully.
C:\Program Files\Yahoo!\Shared\Graphics folder moved successfully.
C:\Program Files\Yahoo!\Shared folder moved successfully.
C:\Program Files\Yahoo!\Messenger\Profiles\ldiane_59 folder moved successfully.
C:\Program Files\Yahoo!\Messenger\Profiles folder moved successfully.
C:\Program Files\Yahoo!\Messenger folder moved successfully.
C:\Program Files\Yahoo!\Installs folder moved successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn folder moved successfully.
C:\Program Files\Yahoo!\Companion\Installs folder moved successfully.
C:\Program Files\Yahoo!\Companion\Data folder moved successfully.
C:\Program Files\Yahoo!\Companion folder moved successfully.
C:\Program Files\Yahoo! folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\SystemV folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Pacific folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Indian folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Europe folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Etc folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Australia folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Atlantic folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Asia folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Antarctica folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\North_Dakota folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Kentucky folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Indiana folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Argentina folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\America folder moved successfully.
C:\Program Files\Java\jre6\lib\zi\Africa folder moved successfully.
C:\Program Files\Java\jre6\lib\zi folder moved successfully.
C:\Program Files\Java\jre6\lib\servicetag folder moved successfully.
C:\Program Files\Java\jre6\lib\security folder moved successfully.
C:\Program Files\Java\jre6\lib\management folder moved successfully.
C:\Program Files\Java\jre6\lib\images\cursors folder moved successfully.
C:\Program Files\Java\jre6\lib\images folder moved successfully.
C:\Program Files\Java\jre6\lib\im folder moved successfully.
C:\Program Files\Java\jre6\lib\i386 folder moved successfully.
C:\Program Files\Java\jre6\lib\fonts folder moved successfully.
C:\Program Files\Java\jre6\lib\ext folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ie folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs folder moved successfully.
C:\Program Files\Java\jre6\lib\deploy folder moved successfully.
C:\Program Files\Java\jre6\lib\cmm folder moved successfully.
C:\Program Files\Java\jre6\lib\audio folder moved successfully.
C:\Program Files\Java\jre6\lib\applet folder moved successfully.
C:\Program Files\Java\jre6\lib folder moved successfully.
C:\Program Files\Java\jre6\bin\new_plugin folder moved successfully.
C:\Program Files\Java\jre6\bin\client folder moved successfully.
C:\Program Files\Java\jre6\bin folder moved successfully.
C:\Program Files\Java\jre6 folder moved successfully.
C:\Program Files\Java folder moved successfully.
C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us folder moved successfully.
C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021 folder moved successfully.
C:\Program Files\MSN Apps\MSN Toolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mark
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13062935 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 694 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09302013_121414

Files\Folders moved on Reboot...
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\KUVAJLDO\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



The PC seems to be running fine. The Fast Browser Search entry is still in add\remove programs, but if the program is gone then it is not a big deal. I looked back at what I typed about the C:\Temp folder and I think I gave you the wrong impression. The C:\Temp folder itself is 7 GB. I did not mean to imply that there was a folder inside C:\Temp that was 7 GB. The C:\Temp folder is still present, and all of the files and folders that were inside it are still there.

Thanks,
Rob
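
One way to triage a fix log like the one posted above, added here as an example (it is not part of the original thread and not part of OTL). It assumes only the line shapes visible in that log; the function names are hypothetical and the sample lines are an excerpt copied from the log in this post.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
C:\Program Files\Yahoo!\Common\yiesrvc.dll moved successfully.
File C:\Program Files\Yahoo!\Common\yiesrvc.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\TBSB07183.TBSB07183Toolbar not found.
========== FILES ==========
C:\Program Files\Yahoo! folder moved successfully.
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
RESULT = re.compile(
    r"^(?:(?P<kind>Registry value|Registry key|Service\\Driver key"
    r"|File\\Folder|File) )?"
    r"(?P<target>.+?)(?P<folder> folder)? "
    r"(?P<outcome>deleted successfully|moved successfully|not found)[.!]$"
)


def parse_fix_log(text):
    """Return one dict per result line: section, kind, target, outcome, key."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        m = RESULT.match(line)
        if not m:
            continue  # banners, byte counts, "Starting removal of ..." lines
        kind = "Folder" if m.group("folder") else (m.group("kind") or "File")
        target = m.group("target")
        # Normalise so "key\" and "key", or "a\\b" and "a\b", compare equal.
        key = target.replace("\\\\", "\\").rstrip("\\").lower()
        entries.append({"section": section, "kind": kind, "target": target,
                        "outcome": m.group("outcome"), "key": key})
    return entries


def summarize(entries):
    """Count outcomes per log section."""
    return Counter((e["section"], e["outcome"]) for e in entries)


def never_removed(entries):
    """Targets reported 'not found' that no line in the log deleted or moved.

    A 'not found' that follows an earlier removal of the same target is just
    a repeat; one with no removal at all means the fix line matched nothing.
    """
    removed = {e["key"] for e in entries if e["outcome"] != "not found"}
    seen, out = set(), []
    for e in entries:
        if e["outcome"] == "not found" and e["key"] not in removed | seen:
            seen.add(e["key"])
            out.append(e)
    return out


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (section, outcome), n in sorted(summarize(parsed).items()):
        print(f"{section:9} {outcome:21} {n}")
    for e in never_removed(parsed):
        print("follow up:", e["kind"], e["target"])
```

The entries returned by `never_removed` are the ones worth checking by hand, since the log alone cannot say whether the item was already gone or is stored somewhere the fix line did not look.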

#30
Nutloaf

Thanks for that info on the TEMP folder; that is something different that needs to be looked at. The temp folders have been emptied on 2 occasions here. Maybe a screenshot of the folder would be an idea :)