Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Constant popups, redirected URLs [Closed]

Started by markm , Jan 15 2014 06:33 AM

  • This topic is locked This topic is locked

#1
markm
Posted 15 January 2014 - 06:33 AM

markm

    Member

  • Member
  • PipPip
  • 18 posts
Hi Geeks to Go,

Appreciate anyone's help. For the past month, any time a "new window" is opened, the URL is hijacked and taken to an ad site.

Plus the computer will freeze, and we get a lot of "Internet Explorer has experienced a problem and needs to shut down" messages.

Really need this PC for work, please help! thanks


OTL logfile created on: 1/15/2014 7:22:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\program files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 95.65 Mb Available Physical Memory | 18.70% Memory free
1.47 Gb Paging File | 0.98 Gb Available in Paging File | 66.67% Paging File free
Paging file location(s): D:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.01 Gb Total Space | 2.14 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
Drive D: | 128.04 Gb Total Space | 105.15 Gb Free Space | 82.13% Space Free | Partition Type: NTFS

Computer Name: VALUED-B4B48255 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/15 07:22:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\program files\OTL.exe
PRC - [2013/12/16 04:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013/12/16 04:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/13 06:36:53 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/10/01 01:23:16 | 000,152,392 | ---- | M] (Apple Inc.) -- D:\iTunesHelper.exe
PRC - [2013/05/22 13:17:06 | 000,400,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/31 17:05:37 | 000,424,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TaKeTheCeoupon\kr5Q5.dll
MOD - [2013/12/31 17:05:15 | 000,424,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BitSaver\X4HI5NCi.dll
MOD - [2013/12/27 07:29:50 | 004,531,200 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\Browser Stabilizer\BrowserStabilizer.dll
MOD - [2013/12/27 07:29:50 | 000,181,072 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\Browser Stabilizer\BrowserStabilizerSvc.dll
MOD - [2013/10/09 06:27:27 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\7294cfff4c5922b56ee89a6879ae8eef\System.Data.ni.dll
MOD - [2013/10/09 06:27:16 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 06:27:11 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:26:19 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/09/13 18:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 18:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/16 18:00:45 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/16 17:28:40 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 17:28:27 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/16 17:28:22 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/16 16:50:42 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/16 16:49:09 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/16 16:48:53 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/11 03:27:13 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/22 13:17:06 | 000,400,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MOD - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
MOD - [2010/07/08 09:21:58 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/07/28 20:31:14 | 000,065,536 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tbhsd.sys -- (tbhsd)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bdvedisk.sys -- (BDVEDISK)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Techzilla\Techzilla Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2013/02/11 19:32:23 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2011/03/30 01:22:30 | 001,034,240 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE2500xp.sys -- (Linksys_adapter_H)
DRV - [2010/05/14 17:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 17:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/05/14 17:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 17:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/03 11:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/04/01 13:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/02/15 14:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2003/11/16 00:40:34 | 000,621,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/30 14:20:54 | 000,766,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/05/23 13:44:00 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BEA59B17-CD9D-4078-9B4C-A73040BF297B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8DF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {BEA59B17-CD9D-4078-9B4C-A73040BF297B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000e0469a04662f
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{BEA59B17-CD9D-4078-9B4C-A73040BF297B}: "URL" = http://search.condui...8533036414&UM=2
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
IE - HKCU\..\SearchScopes\{DFE5B1CC-8BA1-4C0D-9845-2AF2264BDAAE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Techzilla\Techzilla Total Security\bdtbext
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Default Profile (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Shockwave Flash = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Shockwave Flash = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.11_0\
CHR - Extension: BitSaver = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niondcpaddehfflljljkbahpackphboc\5.1\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/08/16 19:25:42 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (TaKeTheCeoupon) - {A1F54E5D-9345-8C2D-5921-9E0D04F00C42} - C:\Documents and Settings\All Users\Application Data\TaKeTheCeoupon\kr5Q5.dll ()
O2 - BHO: (BitSaver) - {D3BACACB-5796-9307-8CA2-F86552F437BC} - C:\Documents and Settings\All Users\Application Data\BitSaver\X4HI5NCi.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Documents and Settings\Owner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.co...games_com.html" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} https://disneyblast....wareControl.cab (Walt Disney Internet Group Hardware Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} http://uone.unishipp...lOptionPack.cab (Siebel Option Pack for IE 7.5.3)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.h...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {D1519EBF-06AB-4FDD-8DB2-836893F3DED7} https://plaympe.com/...ex/PlayMPEX.cab (MPEX Control)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail-chq.expeditors.com/f5-w-687474703a2f2f6e6f7465732e6277692e65693a38313935$$/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h20264.www2.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E3CD15-FF98-47ED-B538-E56B4B2D2FE7}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E7D6D45-F26A-42DB-8E5E-1AE39014ADEA}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C92EF80-C54E-4935-B246-BA558030BFCB}: DhcpNameServer = 68.87.73.242 68.87.71.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E1A5CE7-DDDB-4A4C-94D3-5C404C7A3234}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5ADAAA0-E669-4195-8759-64359522E8A7}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\Browser Stabilizer\BrowserStabilizer.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fccdddDv: DllName - (fccdddDv.dll) - File not found
O20 - Winlogon\Notify\hggfdax: DllName - (hggfdax.dll) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\khfedcb: DllName - (khfedcb.dll) - File not found
O20 - Winlogon\Notify\opnkhii: DllName - (opnkhii.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\rqRLdbBr) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/12/01 20:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18833c27-6ea9-11db-a294-000e5c82ef73}\Shell - "" = AutoRun
O33 - MountPoints2\{18833c27-6ea9-11db-a294-000e5c82ef73}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18833c27-6ea9-11db-a294-000e5c82ef73}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{5dde93db-d5d8-11e1-a901-000ea68d32f3}\Shell - "" = AutoRun
O33 - MountPoints2\{5dde93db-d5d8-11e1-a901-000ea68d32f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5dde93db-d5d8-11e1-a901-000ea68d32f3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{7712b676-50bb-11dc-a302-000e5c82ef73}\Shell\AutoRun\command - "" = J:\Installer.exe
O33 - MountPoints2\{a82c4254-fb2e-11dc-a397-000e5c82ef73}\Shell - "" = AutoRun
O33 - MountPoints2\{a82c4254-fb2e-11dc-a397-000e5c82ef73}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a82c4254-fb2e-11dc-a397-000e5c82ef73}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a9d130b0-92ad-11de-a5ca-000ea68d32f3}\Shell - "" = AutoRun
O33 - MountPoints2\{a9d130b0-92ad-11de-a5ca-000ea68d32f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9d130b0-92ad-11de-a5ca-000ea68d32f3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{d1c4e912-2de0-11dd-a3d2-000ea68d32f3}\Shell - "" = AutoRun
O33 - MountPoints2\{d1c4e912-2de0-11dd-a3d2-000ea68d32f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d1c4e912-2de0-11dd-a3d2-000ea68d32f3}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e38a6436-b178-11df-a6e0-000ea68d32f3}\Shell - "" = AutoRun
O33 - MountPoints2\{e38a6436-b178-11df-a6e0-000ea68d32f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e38a6436-b178-11df-a6e0-000ea68d32f3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e7f84eda-b8c6-11de-a5ee-000ea68d32f3}\Shell\AutoRun\command - "" = H:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/15 06:02:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/12/31 17:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\AppData
[2013/12/31 17:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TaKeTheCeoupon
[2013/12/31 17:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gdjdmhfbgffmdmcpbjpaplgfoeceacco
[2013/12/31 17:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2ab884503e97c13b
[2013/12/31 17:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitSaver
[2013/12/27 07:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Stabilizer
[2013/12/24 08:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/15 07:18:02 | 000,003,688 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/15 06:39:03 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-693350970-3991041457-2737315690-1003UA.job
[2014/01/14 18:39:04 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-693350970-3991041457-2737315690-1003Core.job
[2014/01/14 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2014/01/14 17:10:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/12 12:57:45 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2014/01/10 21:20:44 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2014/01/06 06:31:03 | 000,484,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/06 06:31:03 | 000,080,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/25 20:48:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/17 16:13:01 | 000,037,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/09/30 19:44:21 | 000,073,113 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1380588007.bdinstall.bin
[2013/09/29 18:56:52 | 001,168,621 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1380497913.bdinstall.bin
[2012/02/19 15:46:00 | 001,749,694 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-693350970-3991041457-2737315690-1003-0.dat
[2012/02/19 15:45:58 | 000,184,342 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/14 17:46:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/29 10:08:04 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2010/10/22 08:04:09 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/09/19 14:55:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


OTL Extras logfile created on: 1/15/2014 7:22:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\program files
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 95.65 Mb Available Physical Memory | 18.70% Memory free
1.47 Gb Paging File | 0.98 Gb Available in Paging File | 66.67% Paging File free
Paging file location(s): D:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.01 Gb Total Space | 2.14 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
Drive D: | 128.04 Gb Total Space | 105.15 Gb Free Space | 82.13% Space Free | Partition Type: NTFS

Computer Name: VALUED-B4B48255 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"D:\program files\listgardenwin.exe" = D:\program files\listgardenwin.exe:*:Enabled:ListGarden -- (Software Garden, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"D:\program files\photostory\PhotoStory3.exe" = D:\program files\photostory\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows -- (Microsoft Corp.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\iTunes.exe" = D:\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4C75086F-7753-41B9-8B4C-F38DE6CC8C20}" = VAIO Remote Commander Utility 6.2
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{53B21E29-3967-C332-57EB-C02631658584}" = TaKeTheCeoupon
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{59498F87-43F8-4A02-AAE6-DD91519A9D05}" = SANYO Screen Capture 1.1
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{2e0ba8df}" = Browser Stabilizer
"{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}" = OpenMG Secure Module 3.3.01
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{82D423F4-0941-4AFF-9ABE-C1905D90099E}" = BlackBerry Desktop Software 4.6
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{979F6A6B-4CB0-424E-8E70-AA2ED38B4CCC}" = Giga Pocket Demo Movie
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}" = BitSaver
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{ABBE458D-C10D-4B36-8C95-92DE9D196B1B}" = TurboTax 2012 wmdiper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD6BB00F-4DCD-450F-AAF9-A3233D29E2D5}" = i-Sing MP3 Karaoke Player
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EEDE14A2-A5DC-459E-BB58-178EED03712F}" = Giga Pocket 5.5
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1st JavaScript Editor 3" = 1st JavaScript Editor 3.8
"3411CE431623C686F4F69C8B3B21C9244E3E4CA2" = Windows Driver Package - Hewlett-Packard Image (12/27/2006 8.0.0.0)
"3DGroove" = OTOY
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"ATI Display Driver" = ATI Display Driver
"Backyard Basketball" = Backyard Basketball
"Barbie™ Sparkling Ice Show™" = Barbie™ Sparkling Ice Show™
"BarneyMusicDKey" = Barney Music
"BlackBerry_{82D423F4-0941-4AFF-9ABE-C1905D90099E}" = BlackBerry Desktop Software 4.6
"CareBearsDKey" = CareBears
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Do Not Track Plus Add-on_is1" = Do Not Track Plus Add-on 2.2.0.705
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HijackThis" = HijackThis 2.0.2
"hp deskjet 840c series" = hp deskjet 840c series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IECT2269050" = DVDVideoSoftTB Toolbar for IE
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"JumpStart Advanced Language Club" = JumpStart Advanced Language Club
"JumpStart Advanced Preschool" = JumpStart Advanced Preschool
"JumpStart Art for Fun" = JumpStart Art for Fun
"JumpStart Spanish" = JumpStart Spanish
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MoodLogic" = MoodLogic
"Mp3tag" = Mp3tag v2.57
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Netscape (7.02)" = Netscape (7.02)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"RCA Updater_is1" = RCA Updater 2.1.7.0
"SearchProtect" = Search Protect
"The Big Box of Art" = The Big Box of Art
"TurboTax 2012" = TurboTax 2012
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winnie the Pooh Toddler" = Disney's Winnie the Pooh Toddler
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.18
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2014 8:22:55 PM | Computer Name = VALUED-B4B48255 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/13/2014 8:22:55 PM | Computer Name = VALUED-B4B48255 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1969

Error - 1/13/2014 8:22:55 PM | Computer Name = VALUED-B4B48255 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1969

Error - 1/13/2014 8:38:09 PM | Computer Name = VALUED-B4B48255 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/13/2014 8:38:09 PM | Computer Name = VALUED-B4B48255 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 916703

Error - 1/13/2014 8:38:09 PM | Computer Name = VALUED-B4B48255 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 916703

Error - 1/15/2014 7:27:43 AM | Computer Name = VALUED-B4B48255 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kr5q5.dll, version 1.1.0.0, fault address 0x0001a94a.

Error - 1/15/2014 7:27:55 AM | Computer Name = VALUED-B4B48255 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module x4hi5nci.dll, version 1.1.0.0, fault address 0x0001a94a.

Error - 1/15/2014 8:17:02 AM | Computer Name = VALUED-B4B48255 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23543, fault address 0x000e12f4.

Error - 1/15/2014 8:18:05 AM | Computer Name = VALUED-B4B48255 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23543, fault address 0x000e12ed.

[ System Events ]
Error - 1/11/2014 9:07:00 AM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avc3 BDVEDISK ssmdrv

Error - 1/12/2014 1:51:53 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7000
Description = The Comcast AntiSpyware service failed to start due to the following
error: %%2

Error - 1/12/2014 1:51:53 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7000
Description = The Skype Updater service failed to start due to the following error:
%%3

Error - 1/12/2014 1:51:58 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avc3 BDVEDISK ssmdrv

Error - 1/13/2014 7:02:45 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7000
Description = The Comcast AntiSpyware service failed to start due to the following
error: %%2

Error - 1/13/2014 7:02:45 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7000
Description = The Skype Updater service failed to start due to the following error:
%%3

Error - 1/13/2014 7:02:49 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avc3 BDVEDISK ssmdrv

Error - 1/14/2014 6:10:50 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7000
Description = The Comcast AntiSpyware service failed to start due to the following
error: %%2

Error - 1/14/2014 6:10:50 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7000
Description = The Skype Updater service failed to start due to the following error:
%%3

Error - 1/14/2014 6:10:54 PM | Computer Name = VALUED-B4B48255 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avc3 BDVEDISK ssmdrv


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 15 January 2014 - 08:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi what antivirus are you running ?

On completion of these runs could you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/12/16 04:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKLM\..\SearchScopes,DefaultScope = {BEA59B17-CD9D-4078-9B4C-A73040BF297B}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000e0469a04662f
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{BEA59B17-CD9D-4078-9B4C-A73040BF297B}: "URL" = http://search.condui...8533036414&UM=2
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (TaKeTheCeoupon) - {A1F54E5D-9345-8C2D-5921-9E0D04F00C42} - C:\Documents and Settings\All Users\Application Data\TaKeTheCeoupon\kr5Q5.dll ()
O2 - BHO: (BitSaver) - {D3BACACB-5796-9307-8CA2-F86552F437BC} - C:\Documents and Settings\All Users\Application Data\BitSaver\X4HI5NCi.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/h/horse_eventing/horse_eventing_girlsgogames_com/horse_eventing_girlsgogames_com.html" File not found
O20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\Browser Stabilizer\BrowserStabilizer.dll ()
[2013/12/31 17:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TaKeTheCeoupon
[2013/12/31 17:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gdjdmhfbgffmdmcpbjpaplgfoeceacco
[2013/12/31 17:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2ab884503e97c13b
[2013/12/31 17:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitSaver
[2013/12/27 07:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Browser Stabilizer
[2013/12/24 08:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SearchProtect

:Files
C:\Program Files\SearchProtect
C:\Documents and Settings\All Users\Application Data\TaKeTheCeoupon
C:\Documents and Settings\All Users\Application Data\BitSaver
c:\Documents and Settings\All Users\Application Data\Browser Stabilizer

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#3
Essexboy
Posted 21 January 2014 - 12:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP