System is Corrupt and I cannot Restore or Fix [Closed]



#1
JDameron

My system is corrupt and I cannot find a helpful fix. I have used AVG & Windows Defender and neither seems to work. I am getting Pop-Ups ~ Ads over every web page that I visit ~ clicking on a link opens a new page for ads ~ ADS Everywhere. I have tried the System Restore as well as in Safe Mode with no luck - Error message: No Files have been changed.
I have run the OTL; the log provided is as follows. Along with this log, another log came up as well, which is attached at the end of the original log.

OTL logfile created on: 3/18/2014 12:28:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Janet Dameron\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.20% Memory free
3.84 Gb Paging File | 2.76 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 220.77 Gb Free Space | 94.80% Space Free | Partition Type: NTFS
Drive E: | 456.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JANET | User Name: Janet Dameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/18 12:28:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet Dameron\My Documents\Downloads\OTL(1).exe
PRC - [2014/03/18 12:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janet Dameron\My Documents\Downloads\OTL.exe
PRC - [2014/03/18 11:28:21 | 011,125,072 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Janet Dameron\My Documents\Downloads\mseinstall(1).exe
PRC - [2014/03/15 01:54:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/14 09:41:07 | 002,539,544 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/03/14 09:41:03 | 001,759,768 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
PRC - [2014/03/14 09:41:00 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
PRC - [2014/01/22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/10/23 15:01:10 | 000,803,368 | ---- | M] (Microsoft Corporation) -- c:\f564d30966926e415e8fd07ce463\x86\setup.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,318,656 | ---- | M] (Microsoft Corporation) -- c:\f564d30966926e415e8fd07ce463\epplauncher.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2012/07/28 01:40:38 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ebrmon.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/15 01:54:38 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/14 09:41:11 | 000,684,056 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\NativeBrowserApi\18.0.0\NativeBrowserApi.dll
MOD - [2014/03/14 09:41:10 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
MOD - [2014/03/14 09:41:07 | 002,539,544 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/03/14 09:41:00 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
MOD - [2014/03/12 17:52:09 | 016,276,872 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll


========== Services (SafeList) ==========

SRV - [2014/03/15 01:54:38 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/14 09:41:03 | 001,759,768 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe -- (vToolbarUpdater18.0.0)
SRV - [2014/03/12 17:52:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/03/14 09:41:14 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/01/19 21:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 21:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 21:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 21:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2005/03/17 19:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {5D9B62B8-7BD8-440F-8737-D7296F4DF530}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{5D9B62B8-7BD8-440F-8737-D7296F4DF530}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...AFB518819&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.bing.com/?pc=U157G
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4CD0CF54-2EA1-4AB8-9516-244E64C6D5B9}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8DA39FA1-211C-430D-84E0-7E8CB9302849}: "URL" = http://www.google.co...1I7ADRA_enUS479
IE - HKCU\..\SearchScopes\{9B4F8ABF-4C11-4439-9DA2-75399E106DC8}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\97C536F3D0B94DDE975A8440B20C48B3: "URL" = http://www.google.co...1I7ADRA_enUS479
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....9:44:48&sap=hp"
FF - prefs.js..extensions.enabledAddons: b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a%404bb97481-aead-4c2e-a62b-e25e264651bb.com:0.93.44
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:18.0.0.248
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\18.0.0.248 [2014/03/14 09:44:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/15 01:54:26 | 000,000,000 | ---D | M]

[2012/04/26 13:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Extensions
[2014/03/18 00:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Firefox\Profiles\eg36ybo8.default-1394726701250\extensions
[2014/03/14 09:41:36 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Firefox\Profiles\eg36ybo8.default-1394726701250\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com
[2014/03/14 09:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Firefox\Profiles\eg36ybo8.default-1394726701250\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData
[2014/03/14 09:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Firefox\Profiles\eg36ybo8.default-1394726701250\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins
[2014/03/14 09:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Firefox\Profiles\eg36ybo8.default-1394726701250\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode
[2014/03/13 11:54:20 | 000,002,276 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Firefox\Profiles\eg36ybo8.default-1394726701250\searchplugins\bingp.xml
[2014/03/18 11:33:41 | 000,000,975 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Application Data\Mozilla\Firefox\Profiles\eg36ybo8.default-1394726701250\searchplugins\conduit-search.xml
[2014/03/15 01:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/15 01:54:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/14 09:44:50 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\18.0.0.248

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008/08/21 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f File not found
O4 - HKLM..\RunOnce: [TranslationBuddy_5ebar Uninstall] C:\Program Files\5eUninstall TranslationBuddy.dll (MindSpark)
O4 - Startup: C:\Documents and Settings\Janet Dameron\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Janet Dameron\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.trans...2012080819&cv=1 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4886E6DE-302E-4ED8-A1EE-FF695E214D1F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4886E6DE-302E-4ED8-A1EE-FF695E214D1F}: NameServer = 208.69.150.252,208.69.150.250
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/19 15:57:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/25 05:27:12 | 000,000,016 | R--- | M] () - E:\AUTOPLAY.BAT -- [ CDFS ]
O32 - AutoRun File - [2008/02/25 05:27:28 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{aaee9184-7e96-11e1-8741-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{aaee9184-7e96-11e1-8741-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aaee9184-7e96-11e1-8741-806d6172696f}\Shell\AutoRun\command - "" = E:\PopCDRun.exe -- [2008/02/25 05:27:46 | 000,300,304 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/18 11:30:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/03/18 11:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/03/18 11:28:52 | 000,000,000 | ---D | C] -- C:\f564d30966926e415e8fd07ce463
[2014/03/18 08:15:07 | 000,699,536 | ---- | C] (MindSpark) -- C:\Program Files\5eUninstall TranslationBuddy.dll
[2014/03/16 13:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 ess
[2014/03/15 01:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/14 13:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/03/14 12:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/03/14 12:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\YahooCouponAddOn
[2014/03/14 09:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\AVG2014
[2014/03/14 09:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\TuneUp Software
[2014/03/14 09:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\AVG SafeGuard toolbar
[2014/03/14 09:44:41 | 000,042,784 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/14 09:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2014/03/14 09:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/03/14 09:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\AVG SafeGuard toolbar
[2014/03/14 09:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2014/03/14 09:40:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/03/14 09:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/03/14 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\Optimizer Pro
[2014/03/14 09:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/03/14 09:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\MFAData
[2014/03/14 09:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/03/14 09:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\Avg2014
[2014/03/14 09:22:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Janet Dameron\Start Menu\Programs\Administrative Tools
[2014/03/14 07:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\LookSafe Utility
[2014/03/14 07:29:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2014/03/14 06:56:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/03/14 01:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2014/03/14 00:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\1019
[2014/03/13 23:44:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/03/13 14:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 wedding rings
[2014/03/13 10:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\Malwarebytes
[2014/03/13 10:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/03/13 09:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Desktop\Old Firefox Data
[2014/03/12 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/03/12 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/03/12 22:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\1O1L1I1PtF1F1C1N
[2014/03/12 22:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\mysearchdial
[2014/03/09 12:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 brooch
[2014/03/08 12:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 gold heart bangle
[2014/03/08 05:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Application Data\FreeFileViewer
[2014/03/07 05:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/03/07 05:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
[2014/03/07 05:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\FreeFileViewer
[2014/03/07 05:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\Local Settings\Application Data\FileTypeAssistant
[2014/03/07 05:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2014/03/07 05:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
[2014/03/07 05:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2014/03/07 05:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2014/03/07 05:29:02 | 000,420,784 | ---- | C] (WinZip Computing) -- C:\Documents and Settings\Janet Dameron\My Documents\WinZip180.exe
[2014/03/06 15:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 golden dragon
[2014/03/06 15:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 Multi
[2014/03/06 15:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 jade solar quartz
[2014/03/06 12:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 sea foam
[2014/03/06 11:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 Listia Locket Dispute
[2014/03/04 11:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 trippin wild flowers
[2014/03/02 20:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 ghoulish deilght
[2014/03/01 09:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 garden fairies
[2014/02/28 11:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 green adventurine dragon
[2014/02/26 09:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 tiger eye
[2014/02/25 15:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 carolans
[2014/02/25 12:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 pink morganite
[2014/02/25 12:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 warned cat
[2014/02/21 09:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 two by sea
[2014/02/19 15:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 newest Ebay Auctions
[2014/02/19 14:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 vintage ice cream scoops
[2014/02/18 09:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 Wheat Pennies
[2014/02/17 23:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 red and Black
[2014/02/16 12:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janet Dameron\My Documents\1 malaysia jade
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/18 12:29:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1769210917-2483612637-964656020-1005UA.job
[2014/03/18 11:51:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2014/03/18 11:50:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/18 11:47:18 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/03/18 11:40:37 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/18 11:40:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/18 11:34:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2014/03/18 11:29:15 | 000,012,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/18 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/03/18 07:57:34 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/18 07:57:34 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/03/18 07:57:34 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/18 07:56:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/18 07:13:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/03/17 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2014/03/17 17:29:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1769210917-2483612637-964656020-1005Core.job
[2014/03/17 16:51:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2014/03/17 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2014/03/16 00:38:50 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/16 00:38:50 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Desktop\Google Chrome.lnk
[2014/03/14 13:18:53 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/03/14 12:54:27 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/14 12:54:27 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/03/14 10:35:58 | 000,000,396 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/03/14 09:50:19 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/14 09:44:50 | 000,003,754 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/03/14 09:41:14 | 000,042,784 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/14 07:03:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/13 11:54:23 | 000,362,029 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\sqlite3.dll
[2014/03/13 03:23:57 | 000,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/12 22:27:08 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/12 22:23:53 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/03/12 11:20:48 | 000,043,015 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\My Documents\for that red connector idea 2.jpg
[2014/03/11 20:46:24 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/11 20:46:24 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/10 05:14:45 | 000,046,229 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\My Documents\gemstone bracelet idea.JPG
[2014/03/10 05:11:38 | 000,054,826 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\My Documents\turquoise bracelet idea.JPG
[2014/03/10 04:55:00 | 000,237,819 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\My Documents\Silpada bracelet idea.JPG
[2014/03/07 06:50:46 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Application Data\WB.CFG
[2014/03/07 05:42:46 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/07 05:42:46 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\Desktop\FreeFileViewer.lnk
[2014/03/07 05:29:08 | 000,420,784 | ---- | M] (WinZip Computing) -- C:\Documents and Settings\Janet Dameron\My Documents\WinZip180.exe
[2014/03/01 01:56:48 | 000,060,986 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\My Documents\flower name tag necklace.JPG
[2014/02/21 09:29:34 | 000,040,602 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\My Documents\ConchShellCobalt.jpg
[2014/02/20 12:08:04 | 000,343,030 | ---- | M] () -- C:\Documents and Settings\Janet Dameron\My Documents\cross ring 4.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/18 11:47:17 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/03/18 11:40:37 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/18 11:30:37 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/03/18 08:15:07 | 000,172,448 | ---- | C] () -- C:\Program Files\5eres.dll
[2014/03/14 12:54:27 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/03/14 12:54:26 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/14 12:54:26 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/03/14 09:50:19 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2014/03/14 09:46:19 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/03/14 09:43:14 | 000,003,754 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/03/14 01:04:10 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2014/03/14 00:53:57 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/03/13 11:54:23 | 000,362,029 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\sqlite3.dll
[2014/03/12 22:23:53 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2014/03/12 22:23:53 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/03/12 11:20:48 | 000,043,015 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\My Documents\for that red connector idea 2.jpg
[2014/03/11 20:45:07 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/11 20:45:06 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/10 05:14:45 | 000,046,229 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\My Documents\gemstone bracelet idea.JPG
[2014/03/10 05:11:38 | 000,054,826 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\My Documents\turquoise bracelet idea.JPG
[2014/03/10 04:55:00 | 000,237,819 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\My Documents\Silpada bracelet idea.JPG
[2014/03/07 06:50:46 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\Application Data\WB.CFG
[2014/03/07 05:50:34 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/07 05:42:56 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/03/07 05:42:46 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/03/07 05:42:46 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\Desktop\FreeFileViewer.lnk
[2014/03/01 01:56:48 | 000,060,986 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\My Documents\flower name tag necklace.JPG
[2014/02/21 09:29:34 | 000,040,602 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\My Documents\ConchShellCobalt.jpg
[2014/02/20 12:08:04 | 000,343,030 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\My Documents\cross ring 4.jpg
[2013/07/25 00:04:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2013/07/25 00:04:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/07/03 10:25:15 | 000,004,284 | ---- | C] () -- C:\Documents and Settings\Janet Dameron\.recently-used.xbel
[2012/04/12 10:28:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2013/09/25 21:11:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/14 09:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/03/07 05:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2014/03/14 10:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2012/06/29 07:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/07/02 09:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/06/10 06:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/04/26 13:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/03/18 09:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/16 07:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/07/25 00:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2013/06/15 15:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2014/03/14 11:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/11 03:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2014/03/14 10:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\1019
[2014/03/12 22:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\1O1L1I1PtF1F1C1N
[2014/03/14 09:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\AVG SafeGuard toolbar
[2014/03/14 09:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\AVG2014
[2012/06/29 07:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\Babylon
[2012/07/16 06:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\DriverCure
[2014/03/18 08:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\Dropbox
[2014/03/08 05:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\FreeFileViewer
[2012/07/03 10:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\gtk-2.0
[2014/03/12 22:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\mysearchdial
[2012/07/16 06:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\ParetoLogic
[2013/09/12 08:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\PhotoScape
[2013/07/25 00:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\PopCapv1000
[2014/03/14 09:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\TuneUp Software
[2012/05/29 05:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\Visan
[2014/03/14 12:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janet Dameron\Application Data\YahooCouponAddOn

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Janet Dameron\My Documents\video-2013-09-25-10-18-01.mp4:SummaryInformation
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >

"Extras" log
OTL Extras logfile created on: 3/18/2014 12:28:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Janet Dameron\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.20% Memory free
3.84 Gb Paging File | 2.76 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 220.77 Gb Free Space | 94.80% Space Free | Partition Type: NTFS
Drive E: | 456.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JANET | User Name: Janet Dameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Janet Dameron\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Janet Dameron\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{822B325F-9CDD-4E78-87A2-35E6F0DDEEA2}" = HP Deskjet 1000 J110 series Product Improvement Study
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A7378875-1EF9-46BB-9316-BFB615CB45DA}" = AVG 2014
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B26B07BA-A768-4420-844E-771E05F0D965}" = AVG 2014
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}" = HP Deskjet 1000 J110 series Basic Device Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AVG" = AVG 2014
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Coupon Printer for Windows5.0.0.3" = Coupon Printer for Windows
"FreeFileViewer_is1" = Free File Viewer 2014
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Trusted Software Assistant_is1" = File Type Assistant
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader Free Download Packages" = Adobe Reader Free Download Packages
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2014 9:13:56 AM | Computer Name = JANET | Source = MsiInstaller | ID = 11920
Description = Product: Windows Defender -- Error 1920. Service 'Windows Defender'
(WinDefend) failed to start. Verify that you have sufficient privileges to start
system services.

Error - 3/18/2014 9:14:32 AM | Computer Name = JANET | Source = MsiInstaller | ID = 11920
Description = Product: Windows Defender -- Error 1920. Service 'Windows Defender'
(WinDefend) failed to start. Verify that you have sufficient privileges to start
system services.

Error - 3/18/2014 9:17:11 AM | Computer Name = JANET | Source = ConvertFilesforFree | ID = 2
Description =

Error - 3/18/2014 9:17:11 AM | Computer Name = JANET | Source = ConvertFilesforFree | ID = 2
Description =

Error - 3/18/2014 9:17:11 AM | Computer Name = JANET | Source = ConvertFilesforFree | ID = 2
Description =

Error - 3/18/2014 9:17:11 AM | Computer Name = JANET | Source = ConvertFilesforFree | ID = 2
Description =

Error - 3/18/2014 9:17:11 AM | Computer Name = JANET | Source = ConvertFilesforFree | ID = 2
Description =

Error - 3/18/2014 9:19:42 AM | Computer Name = JANET | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/18/2014 12:30:34 PM | Computer Name = JANET | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.4.304.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/18/2014 12:46:17 PM | Computer Name = JANET | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/14/2014 1:29:25 PM | Computer Name = JANET | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/14/2014 2:08:26 PM | Computer Name = JANET | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/14/2014 2:08:31 PM | Computer Name = JANET | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/14/2014 2:08:36 PM | Computer Name = JANET | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/14/2014 2:08:41 PM | Computer Name = JANET | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/14/2014 2:08:57 PM | Computer Name = JANET | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 3/14/2014 2:08:58 PM | Computer Name = JANET | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/14/2014 2:09:01 PM | Computer Name = JANET | Source = PlugPlayManager | ID = 12
Description = The device 'SONY CD-RW CRX216E' (IDE\CdRomSONY_CD-RW__CRX216E_____________________PD03____\5&e0c0079&0&0.1.0)
disappeared from the system without first being prepared for removal.

Error - 3/15/2014 12:54:14 AM | Computer Name = JANET | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 3/18/2014 9:21:57 AM | Computer Name = JANET | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >

#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Janet, welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox, check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I am looking over your log now. But the first thing we need to address is the multiple antivirus products installed on the system. You have AVG and Microsoft Security Essentials both installed. We need to uninstall one of them. AVG is a big program and uses a lot of system resources (RAM). AVG also comes with things like the AVG secure search toolbar and other un-needed and dubious, in my opinion, bells and whistles.
MSE is a much smaller program and uses far fewer resources.
The choice is yours but you need to let me know which one you want to keep and I will help you completely uninstall the other one.

Multiple Antivirus Programs Installed

I see that you have more than one antivirus program installed and running. You should only have one antivirus program installed and running. Antivirus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more antivirus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS antivirus protection.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know which antivirus program you want to keep.

#3
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.