got a bug...redirects and changed homepage [Closed]


  • This topic is locked

#1
tammy111


Guys, I got another bug today :(

Whenever I open Firefox and try to go from page to page, I get redirected to different sites.

What do I do??

You guys have saved me in the past and I really appreciate it !!

Thanks

tam




#2
godawgs


Hello Tammy, welcome back to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Go to the topic and in the upper right corner, click the Follow button. You will then be prompted with how often you wish to be notified. To the right of this button, it shows how many other people are watching the topic.

Please do not run any tools unless instructed to do so.

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's get a look at what's going on under the hood.
 

 

 

Step-1.

OTL Custom Scan
 

  • Download OTL to the Desktop. It is important that it is downloaded to the Desktop. (Firefox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

1. Please copy the text in the Quote box below (do not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:

  • Highlight everything inside the quote box (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
rpcss.dll
/md5stop
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C

2. Open OTL on the desktop. To do that:

  • XP users: Double click on the OTL icon.
    Make sure all other windows are closed.
  • You will see the OTL console.
  • Click the box beside Scan All Users at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. Extras.txt will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Repeat for the Extras.txt file.

 

Step-2.
Run aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it.
  • If it asks you if you want to download the latest virus definitions, click Yes.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.

 

 

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log


  • 0
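
A triage helper for the OTL.txt log requested in the post above, added here as an example; it is not part of the original thread or of OTL. It reads the URL-valued `IE -`, `FF -` and `CHR -` lines and ranks hosts outside an allowlist by how many browsers and registry scopes point at them. The sample lines, their placeholder domains and the allowlist are constructed assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple
from urllib.parse import urlsplit

# Constructed sample in the shape of OTL's browser sections. The domains are
# placeholders, not indicators taken from any real log.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.hijack.example/?id=1
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.other.example/?x=1
IE - HKU\S-1-5-21-1111-2222-3333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.hijack.example/?id=1
IE - HKU\S-1-5-21-1111-2222-3333-1004\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1111-2222-3333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..browser.search.defaultenginename: "Hijack Search"
CHR - homepage: http://start.hijack.example/?id=1
CHR - default_search_provider: search_url =
"""

# Assumption: domains the analyst accepts as legitimate home/search providers.
TRUSTED_SUFFIXES = ("google.com", "bing.com", "live.com", "msn.com")

# "<browser> - <setting> = <url>" or "<browser> - <setting>: <url>"
LINE_RE = re.compile(
    r'^(?P<browser>IE|FF|CHR) - (?P<setting>.*?)\s*[=:]\s*"?(?P<url>https?://[^\s"]+)"?\s*$'
)
# Registry scope at the start of an IE setting: HKLM, or HKU\<SID>.
SCOPE_RE = re.compile(r'^(HKLM|HKU\\[^\\]+)')


class Setting(NamedTuple):
    browser: str  # IE, FF or CHR
    scope: str    # HKLM or HKU\<SID> for IE lines, "profile" otherwise
    name: str     # setting name as printed in the log
    host: str     # host part of the URL value


def parse_browser_settings(log_text):
    """Return every browser setting in the log whose value is a URL."""
    settings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # other sections, or settings with no URL value
        host = urlsplit(m.group("url")).hostname
        if not host:
            continue
        scope_m = SCOPE_RE.match(m.group("setting"))
        scope = scope_m.group(1) if scope_m else "profile"
        settings.append(Setting(m.group("browser"), scope, m.group("setting"), host))
    return settings


def is_trusted(host, trusted=TRUSTED_SUFFIXES):
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def untrusted_hosts(settings, trusted=TRUSTED_SUFFIXES):
    """Rank non-allowlisted hosts: most browsers first, then most scopes."""
    seen = defaultdict(lambda: {"browsers": set(), "scopes": set()})
    for s in settings:
        if is_trusted(s.host, trusted):
            continue
        seen[s.host]["browsers"].add(s.browser)
        seen[s.host]["scopes"].add(s.scope)
    ranked = sorted(
        seen.items(),
        key=lambda kv: (-len(kv[1]["browsers"]), -len(kv[1]["scopes"]), kv[0]),
    )
    return [(h, sorted(v["browsers"]), sorted(v["scopes"])) for h, v in ranked]


if __name__ == "__main__":
    for host, browsers, scopes in untrusted_hosts(parse_browser_settings(SAMPLE_LOG)):
        print(f"{host}: browsers={browsers} scopes={scopes}")
```

A host set as the start or search page in several browsers and under several account hives at once is what a bundled browser hijacker typically leaves behind, so those rows are the ones to read first.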

#3
tammy111


ok, here is the otl.txt ......

 

OTL logfile created on: 6/2/2014 7:36:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.50 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 74.84% Memory free
4.35 Gb Paging File | 3.85 Gb Available in Paging File | 88.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 199.80 Gb Free Space | 85.48% Space Free | Partition Type: NTFS
Drive F: | 3.80 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
 
Computer Name: TODD-DXK8MBK1O8 | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/02 19:31:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2014/05/11 01:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
PRC - [2014/04/01 14:59:46 | 000,273,000 | ---- | M] (Quiknowledge) -- C:\Program Files\Quiknowledge\Service\qksvc.exe
PRC - [2012/07/18 12:02:42 | 000,313,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HPBDSService\HPBDSService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/16 19:02:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 17:35:35 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\f0bb94276be98ff9ff0b22152fa633b9\System.Xml.Linq.ni.dll
MOD - [2014/02/12 17:34:58 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014/02/12 17:34:45 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 17:34:35 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/12 17:34:34 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2014/02/12 17:34:26 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
MOD - [2014/02/12 17:33:11 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/12 17:20:39 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/12 17:12:52 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/12 17:12:45 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/12 17:12:28 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/12 17:12:01 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/12 17:06:50 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 17:06:25 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/06/25 11:08:26 | 000,048,640 | ---- | M] () -- C:\WINDOWS\system32\sdtnpm.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/06/16 19:02:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/13 21:18:28 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/11 01:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/10 00:40:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/04/01 14:59:46 | 000,273,000 | ---- | M] (Quiknowledge) [Auto | Running] -- C:\Program Files\Quiknowledge\Service\qksvc.exe -- (qksvc)
SRV - [2013/06/26 02:22:46 | 000,005,632 | ---- | M] (The Neat Company) [Auto | Stopped] -- C:\Program Files\Neat\exec\NeatStartupService.exe -- (Neat Startup Service)
SRV - [2013/06/25 11:08:26 | 000,192,512 | ---- | M] (Two Pilots) [Auto | Stopped] -- C:\WINDOWS\VPDAgent.exe -- (Agent)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2003/06/16 19:02:24 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/05/09 20:07:24 | 001,101,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/04/05 04:23:34 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140602.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/04/05 04:23:34 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140602.032\NAVENG.SYS -- (NAVENG)
DRV - [2014/04/01 14:59:44 | 000,052,752 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\qknfd.sys -- (qknfd)
DRV - [2014/03/25 18:12:29 | 000,383,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2014/03/03 23:18:12 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\symefa.sys -- (SymEFA)
DRV - [2014/02/17 20:32:41 | 000,423,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\symtdi.sys -- (SYMTDI)
DRV - [2014/02/12 20:59:49 | 000,664,280 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\srtsp.sys -- (SRTSP)
DRV - [2013/12/11 06:09:31 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/05 22:26:07 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/17 17:47:57 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\ironx86.sys -- (SymIRON)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\symds.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\srtspx.sys -- (SRTSPX)
DRV - [2012/03/20 07:36:44 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=811558261&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=811558261&ir=
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=811558261&ir=
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=811558261&ir=
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Speedial"
FF - prefs.js..browser.search.selectedEngine: "Speedial"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: ZenSearch%40ZenSearch.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/05/26 19:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/06 09:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014/06/01 18:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/05/18 15:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2014/06/01 18:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions
[2014/06/01 18:08:24 | 000,000,000 | ---D | M] ("Speedial") -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
[2014/06/01 18:07:05 | 000,000,000 | ---D | M] (ZenSearch) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\[email protected]
[2014/06/01 18:08:28 | 000,002,781 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\searchplugins\Speedial.xml
[2014/06/01 18:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/06/01 18:07:43 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2014/05/10 00:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/10 00:40:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://speedial.com/...r=811558261&ir=
CHR - default_search_provider: Speedial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eapmfjbemiffkmggedbiibolghfomomg\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\
CHR - Extension: No name found = C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
 
O1 HOSTS File: ([2003/07/16 15:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ZenSearch) - {EC740D8D-BAA6-4BAF-9183-2406AB943D3A} - C:\Program Files\ZenSearch\IeZenSearch.dll (ZenSearch ApS)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKLM..\RunOnce: [Del513973640] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\RunOnce: [Del513973640] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\RunOnce: [ZS_cleanup1] C:\Documents and Settings\Todd\Local Settings\Temp\is-QCSB9.tmp [2014/06/01 18:00:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7722E195-1173-497E-B325-4C8635A89E81}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7722E195-1173-497E-B325-4C8635A89E81}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://i.ebayimg.com...c lw~~60_35.JPG
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/19 20:41:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/02 19:31:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2014/06/01 18:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\OpenOfficeBeta
[2014/06/01 18:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/06/01 18:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Speedial
[2014/06/01 18:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\1H1Q
[2014/06/01 18:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Speedial
[2014/06/01 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/06/01 18:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\FlvPlayer
[2014/06/01 18:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlvPlayer
[2014/06/01 18:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
[2014/06/01 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\ZenSearch
[2014/06/01 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ZenSearch Updater
[2014/06/01 18:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZenSearch
[2014/06/01 18:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\FileTypeAssistant
[2014/06/01 18:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2014/05/23 15:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/05/23 15:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/05/23 15:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/05/23 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/05/14 12:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/10 00:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/02 19:31:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2014/06/02 19:29:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/02 19:24:39 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2014/06/02 19:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/02 19:08:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/06/02 18:02:02 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2014/06/02 13:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\ZenSearch updater.job
[2014/06/02 06:29:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/01 17:24:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/05/30 04:35:06 | 000,038,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1503000.00C\VT20140530.006
[2014/05/29 23:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/05/26 20:49:48 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/05/26 19:48:02 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2014/05/26 19:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/26 19:47:12 | 000,664,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1503000.00C\Cat.DB
[2014/05/23 15:47:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/05/21 14:31:11 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/05/18 23:28:06 | 002,251,591 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\doc04354820140516150821.pdf
[2014/05/13 21:18:24 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/05/13 21:18:23 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/05/11 01:52:10 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1503000.00C\isolate.ini
[2014/05/08 22:12:09 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/05/04 21:31:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/02 18:08:02 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2014/06/01 18:08:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2014/06/01 18:00:28 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\ZenSearch updater.job
[2014/06/01 18:00:08 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2014/06/01 18:00:07 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2014/05/23 15:47:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/05/18 23:27:57 | 002,251,591 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\doc04354820140516150821.pdf
[2014/04/23 04:49:37 | 000,520,034 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-308236825-839522115-1004-0.dat
[2014/04/23 04:49:36 | 000,260,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/01/23 18:31:12 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2014/01/03 09:48:42 | 000,156,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/29 12:47:26 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\sdtnpm.dll
[2013/07/28 04:36:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/26 08:11:02 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2012/03/19 21:48:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/23 15:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/03/21 15:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/01/02 14:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/03/20 18:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2013/09/29 13:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2014/04/22 16:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2014/06/01 18:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/09/29 12:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Neat Company
[2013/04/08 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/03/21 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2014/06/01 18:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\1H1Q
[2014/06/01 18:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\FlvPlayer
[2013/09/29 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Neat
[2013/09/29 13:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Nuance
[2012/04/02 14:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\OpenOffice.org
[2014/06/01 18:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\OpenOfficeBeta
[2014/04/24 13:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Oracle
[2014/04/22 16:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Samsung
[2014/06/01 18:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Speedial
[2014/06/01 18:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\ZenSearch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2009/02/09 05:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=01095FEBF33BEEA00C2A0730B9B3EC28 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2009/02/09 05:01:53 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=24B5D53B9ACCC1E2EDCF0A878D6659D4 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2004/08/04 01:56:46 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB956572_0$\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 05:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
 
< MD5 for: SVCHOST.EXE  >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< c:\program files (x86)\Google\Desktop >
[2012/03/19 20:40:25 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012/03/19 20:41:50 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/03/19 23:18:35 | 000,000,878 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 23:18:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/03/21 14:37:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2014/04/06 20:25:47 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/06 20:25:48 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/23 05:00:20 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2014/06/01 18:00:07 | 000,000,392 | ---- | C] () -- C:\WINDOWS\Tasks\ProgramUpdateCheck.job
[2014/06/01 18:00:08 | 000,000,448 | ---- | C] () -- C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
[2014/06/01 18:00:28 | 000,000,380 | ---- | C] () -- C:\WINDOWS\Tasks\ZenSearch updater.job
[2014/06/01 18:08:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\Tasks\At1.job
 
< c:\program files\Google\Desktop >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 7494-9BCF
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/12/2014  05:20 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/12/2014  05:20 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/12/2014  05:23 PM    <JUNCTION>     v4.0_4.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/12/2014  05:13 PM    <JUNCTION>     v4.0_4.0.0.0__31bf3856ad364e35
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               4 Dir(s)  214,505,684,992 bytes free

< End of report >
 



#4
tammy111

    Member

  • Topic Starter
  • Member
  • 95 posts

( I do not see an extras file minimized or on my desktop)



#5
tammy111

    Member

  • Topic Starter
  • Member
  • 95 posts

ok, here is the aswmbr log

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-02 20:22:20
-----------------------------
20:22:20.026    OS Version: Windows 5.1.2600 Service Pack 3
20:22:20.026    Number of processors: 1 586 0x209
20:22:20.026    ComputerName: TODD-DXK8MBK1O8  UserName: Todd
20:22:23.455    Initialize success
20:25:17.457    AVAST engine defs: 14060201
20:25:31.594    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:25:31.609    Disk 0 Vendor: Maxtor_6L250R0 BAJ41G20 Size: 239372MB BusType: 3
20:25:31.719    Disk 0 MBR read successfully
20:25:31.734    Disk 0 MBR scan
20:25:31.765    Disk 0 Windows XP default MBR code
20:25:31.781    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       239359 MB offset 63
20:25:31.797    Disk 0 scanning sectors +490207410
20:25:31.874    Disk 0 scanning C:\WINDOWS\system32\drivers
20:25:43.159    Service scanning
20:25:44.811    Service BHDrvx86 C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx86.sys **LOCKED** 5
20:25:45.403    Service ccSet_N360 C:\WINDOWS\system32\drivers\N360\1503000.00C\ccSetx86.sys **LOCKED** 5
20:25:48.957    Service IDSxpx86 C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140602.001\IDSxpx86.sys **LOCKED** 5
20:25:53.664    Service NAVENG C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140602.032\NAVENG.SYS **LOCKED** 5
20:25:56.454    Service NAVEX15 C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140602.032\NAVEX15.SYS **LOCKED** 5
20:26:01.238    Service SRTSPX C:\WINDOWS\system32\drivers\N360\1503000.00C\SRTSPX.SYS **LOCKED** 5
20:26:02.018    Service SymDS C:\WINDOWS\system32\drivers\N360\1503000.00C\SYMDS.SYS **LOCKED** 5
20:26:02.439    Service SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
20:26:02.750    Service SymIRON C:\WINDOWS\system32\drivers\N360\1503000.00C\Ironx86.SYS **LOCKED** 5
20:26:03.124    Service SYMTDI C:\WINDOWS\System32\Drivers\N360\1503000.00C\SYMTDI.SYS **LOCKED** 5
20:26:06.584    Modules scanning
20:26:18.149    Disk 0 trace - called modules:
20:26:18.258    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:26:18.383    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8b9ab8]
20:26:18.492    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a93eb00]
20:26:20.534    AVAST engine scan C:\WINDOWS
20:26:30.571    AVAST engine scan C:\WINDOWS\system32
20:30:09.461    AVAST engine scan C:\WINDOWS\system32\drivers
20:30:37.220    AVAST engine scan C:\Documents and Settings\Todd
20:57:24.121    AVAST engine scan C:\Documents and Settings\All Users
21:01:44.765    Scan finished successfully
21:12:06.865    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Todd\Desktop\MBR.dat"
21:12:06.912    The log file has been saved successfully to "C:\Documents and Settings\Todd\Desktop\aswMBR.txt"

 



#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

( I do not see an extras file minimized or on my desktop)

That's because OTL only generates the Extras.txt file on the first run. The OTL.txt log you posted was from run #2.

OTL logfile created on: 6/2/2014 7:36:02 PM - Run 2

The Extras.txt file should be on the desktop. If it is there please copy and paste it into your next reply. If it isn't there follow the directions below and we will force OTL to generate a new one.
 
 
OTL Scan
  • Please re-open OTL on the desktop. To do that:
    • XP users: Double click the OTL icon.
    Make sure all other windows are closed.
  • You will see a console like the one below:

    [Image: OTL main console]
  • At the top of the console click the greyed out None button <--- Very Important
  • At the top of the console, click the box beside Scan All Users
  • The Include 64bit Scans box will not be available.
  • In the Extra Registry section click the circle beside Use Safelist. <--- Very Important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt.
  • Close the OTL.txt file as I don't need it and open the Extras.txt file and post it in your next reply.


#7
tammy111

    Member

  • Topic Starter
  • Member
  • 95 posts

Thank you for walking me through this !!!

 

Here are the extras file results

 

OTL Extras logfile created on: 6/3/2014 5:05:39 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.50 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 59.47% Memory free
4.35 Gb Paging File | 3.45 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 199.52 Gb Free Space | 85.35% Space Free | Partition Type: NTFS
Drive F: | 3.80 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
 
Computer Name: TODD-DXK8MBK1O8 | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (FTA ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP LaserJet 200 color M251\bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP LaserJet 200 color M251\bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP LaserJet 200 color M251) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe" = C:\Program Files\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 200 color M251 EWSProxy -- (Hewlett-Packard Co.)
"C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (FTA ApS)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025D3904-FA39-4AA2-A05B-9EFAAF36B1F2}" = HP LaserJet 200 color M251 HP Device Toolbox
"{08ED1CD1-1CB1-B7CE-677E-110D0A118590}" = AMD Catalyst Install Manager
"{09C0DA15-AB94-43BC-9B02-57DF3FEB469F}" = hppM251LaserJetService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver
"{14CF9AF8-10A6-4FA7-9E57-D22DBD644C77}" = HP Unified IO
"{180D6813-95E0-415C-B58A-5B9493DE2DDA}" = hppLaserJetService
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F752D02-F576-4DD6-8DA7-E478283F455A}" = OpenOffice Beta 4.1.0
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{413E98C3-2CA1-4D04-AFC2-8D8D873A3178}" = hpbM251DSService
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{46A99EAE-98DA-4BE5-94C3-D41BA4C266DA}" = hpStatusAlerts
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{57F5920A-9897-4830-BD4A-BE85DA9734FF}" = Neat Mobile Scanner 2008 Driver
"{58155B30-6BE9-4268-A059-149629149C63}" = Neat ADF Scanner Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}" = HP LaserJet 200 color M251
"{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}" = Neat Mobile Scanner (Silver) Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8777089A-4CF4-44BA-910B-9A4580669DED}" = Hallmark Card Studio 2012 Deluxe
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{99432E4C-1189-4887-9D75-DAA796015FFD}" = Neat Core Files
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F45DF9-0FF7-4C45-A119-1EBA27E6DD50}" = HP Product FWUpdater
"{A1EF28FB-74A8-4157-91E9-9C164CAB10F8}" = hpStatusAlertsM251
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner 2008 Driver
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B630320B-4B6A-4623-A05D-80DAA4C73CE9}" = QuickShare
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}" = HPLaserJet200color-M251_HelpLearnCenter_SI
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F9C52512-F5AB-4CA8-8E35-6396797DD72A}" = Send To Neat
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"CCleaner" = CCleaner
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Neat" = Neat
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quiknowledge" = Quiknowledge
"RealPlayer 6.0" = RealOne Player
"Speedial" = Speedial
"TFTP Client" = TFTP Client
"Trusted Software Assistant_is1" = File Type Assistant
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZenSearch" = ZenSearch
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"FlvPlayer" = FlvPlayer
"Media Player Packages" = Media Player Packages
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/9/2013 9:34:57 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 489
Description = wuauclt (1804) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).
 
Error - 11/9/2013 9:34:57 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 455
Description = wuaueng.dll (1804) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error - 11/9/2013 9:35:10 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 489
Description = wuauclt (1804) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).
 
Error - 11/9/2013 9:35:10 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 455
Description = wuaueng.dll (1804) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error - 12/17/2013 3:50:26 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.0.5091, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 4/18/2014 9:18:12 PM | Computer Name = TODD-DXK8MBK1O8 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application hplaserjetservice.exe, version 9.27.856.0, stamp
 4fa1f537, faulting module ntdll.dll, version 5.1.2600.6055, stamp 4d00f27d, debug?
 0, fault address 0x00019af2.
 
Error - 4/22/2014 5:30:50 PM | Computer Name = TODD-DXK8MBK1O8 | Source = MsiInstaller | ID = 11706
Description = Product: QuickShare -- Error 1706. An installation package for the
 product QuickShare cannot be found. Try the installation again using a valid copy
 of the installation package 'LinkuryInstaller.msi'.
 
Error - 4/23/2014 5:51:53 AM | Computer Name = TODD-DXK8MBK1O8 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module navshext.dll, version 21.2.0.38, fault address 0x0000488e.
 
Error - 4/23/2014 5:53:27 AM | Computer Name = TODD-DXK8MBK1O8 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 5/5/2014 4:42:00 PM | Computer Name = TODD-DXK8MBK1O8 | Source = MsiInstaller | ID = 11706
Description = Product: QuickShare -- Error 1706. An installation package for the
 product QuickShare cannot be found. Try the installation again using a valid copy
 of the installation package 'LinkuryInstaller.msi'.
 
[ System Events ]
Error - 5/9/2014 12:26:33 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The VPDAgent service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 5/9/2014 12:26:37 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 5/9/2014 12:26:42 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly.  It has done
this 1 time(s).
 
Error - 5/9/2014 12:26:44 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 5/26/2014 9:52:02 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly.  It has done
this 1 time(s).
 
Error - 5/26/2014 9:52:04 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 5/26/2014 9:52:06 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Neat Startup Service service terminated unexpectedly.  It has
done this 1 time(s).
 
Error - 5/26/2014 9:52:09 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The VPDAgent service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 5/26/2014 9:52:11 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 5/26/2014 9:52:14 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >
 


  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thanks for the log. OK, let's get started. The OTL log shows some browser hijackers, nefarious toolbars and search engines. And we need to uninstall some malicious programs. The aswMBR log was clean. It didn't show any problems with the Master Boot Record. The first thing we will do is use ERUNT to back up the Registry. You might want to print these instructions or save them to a text file so you will have them handy as you complete the steps.


Step-1.
Backup the Registry with ERUNT

  • Double click the Erunt icon on the desktop or click the Start button, then All Programs, then highlight the Erunt folder and click Erunt to start the program.
    You will see a GUI like the image below:
    setup.jpg
  • Leave the Backup to: location as is.
  • Under the Backup options, click all three.
  • Click the OK button. The backup will begin and you will see the following image:
    erunt.jpg
  • When the backup has finished you will get the following image:
    finished.jpg
  • Click the OK button to close the application.

 

Step-2.
Malicious program uninstalls

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

QuickShare
Quiknowledge
Speedial
ZenSearch


3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Step-3.
OTL Fix

Please close all open windows and browsers.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/04/01 14:59:46 | 000,273,000 | ---- | M] (Quiknowledge) -- C:\Program Files\Quiknowledge\Service\qksvc.exe
SRV - [2014/04/01 14:59:46 | 000,273,000 | ---- | M] (Quiknowledge) [Auto | Running] -- C:\Program Files\Quiknowledge\Service\qksvc.exe -- (qksvc)
DRV - [2014/04/01 14:59:44 | 000,052,752 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\qknfd.sys -- (qknfd)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=811558261&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=811558261&ir=
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=811558261&ir=
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=18/05/2013
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=811558261&ir=
FF - prefs.js..browser.search.defaultenginename: "Speedial"
FF - prefs.js..browser.search.selectedEngine: "Speedial"
FF - prefs.js..extensions.enabledAddons: ZenSearch%40ZenSearch.com:1.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014/06/01 18:07:43 | 000,000,000 | ---D | M]
[2014/06/01 18:08:24 | 000,000,000 | ---D | M] ("Speedial") -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
[2014/06/01 18:07:05 | 000,000,000 | ---D | M] (ZenSearch) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\[email protected]
[2014/06/01 18:08:28 | 000,002,781 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\searchplugins\Speedial.xml
[2014/06/01 18:07:43 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
O2 - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (ZenSearch) - {EC740D8D-BAA6-4BAF-9183-2406AB943D3A} - C:\Program Files\ZenSearch\IeZenSearch.dll (ZenSearch ApS)
O4 - HKLM..\RunOnce: [Del513973640] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\RunOnce: [Del513973640] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\RunOnce: [ZS_cleanup1] C:\Documents and Settings\Todd\Local Settings\Temp\is-QCSB9.tmp [2014/06/01 18:00:16 | 000,000,000 | ---D | M]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2014/06/01 18:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Speedial
[2014/06/01 18:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Speedial
[2014/06/01 18:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\1H1Q
[2014/06/01 18:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Speedial
[2014/06/01 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/06/01 18:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
[2014/06/01 18:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\ZenSearch
[2014/06/01 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\ZenSearch Updater
[2014/06/01 18:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZenSearch
[2014/06/01 18:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\FileTypeAssistant
[2014/06/01 18:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2014/06/02 19:08:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/06/02 18:02:02 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ProgramRefresh-ATFST.job
[2014/06/02 13:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\ZenSearch updater.job
[2014/06/01 18:00:07 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2012/03/21 15:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/06/01 18:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Speedial
[2014/06/01 18:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\ZenSearch

:FILES
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eapmfjbemiffkmggedbiibolghfomomg
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
C:\Program Files\Updater By SweetPacks
C:\Program Files\Mozilla Firefox\extensions\[email protected]
CHR - Extension: No name found = C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ipconfig /flushdns /c
netsh firewall reset /c
netsh firewall set opmode mode = ENABLE profile = ALL /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:


  • XP users: Double click the icon.

3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step-4.
AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.


  • XP users, double click the AdwCleaner icon on the desktop to run AdwCleaner. You will see the following console:

    adwcleaner-start.jpg
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. The OTL fixes log
3. The AdwCleaner[R0].txt log
4. the new OTL.txt log


  • 0
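An added example, not part of godawgs's instructions and not OTL's own code: a small Python parser for the Extras.txt layout posted above that extracts firewall profiles that are switched off, firewall exceptions open to any address, and installed programs that appear on the Step-2 uninstall list. The function names are hypothetical, and the sample text is an excerpt assembled from the log in this thread.

```python
import re

# Excerpt assembled from the Extras.txt log posted in this thread (trimmed).
SAMPLE_EXTRAS = r'''
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe" = C:\Program Files\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 200 color M251 EWSProxy -- (Hewlett-Packard Co.)
"C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (FTA ApS)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B630320B-4B6A-4623-A05D-80DAA4C73CE9}" = QuickShare
"CCleaner" = CCleaner
"N360" = Norton 360
"Quiknowledge" = Quiknowledge
"Speedial" = Speedial
"ZenSearch" = ZenSearch

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FlvPlayer" = FlvPlayer
'''

# Programs named for removal in Step-2 of the helper's post.
WATCHLIST = ["QuickShare", "Quiknowledge", "Speedial", "ZenSearch"]

SECTION_RE = re.compile(r"^=+ (.+?) =+$")      # ========== Name ==========
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")        # [HKEY_...\sub\key]
VALUE_RE = re.compile(r'^"([^"]*)" = (.*)$')   # "name" = value
# XP firewall exception: <path>:<scope>:<Enabled|Disabled>:<label>
APP_RE = re.compile(
    r"^(?P<path>.+):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<label>.*)$"
)


def parse_extras(text):
    """Return one record per '"name" = value' line, tagged with section and key."""
    records, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and section and key:
            records.append({"section": section, "key": key,
                            "name": m.group(1), "value": m.group(2)})
    return records


def firewall_profiles_off(records):
    """Names of firewall profiles whose EnableFirewall value is 0."""
    return [r["key"].rsplit("\\", 1)[-1] for r in records
            if r["section"] == "Firewall Settings"
            and r["name"] == "EnableFirewall" and r["value"].strip() == "0"]


def any_scope_apps(records):
    """Paths of enabled firewall exceptions whose scope is '*' (any address)."""
    hits = []
    for r in records:
        if r["section"] != "Authorized Applications List":
            continue
        m = APP_RE.match(r["value"])
        if m and m["scope"] == "*" and m["state"] == "Enabled":
            hits.append(m["path"])
    return hits


def installed_from_watchlist(records, watchlist):
    """Display names in either Uninstall list that match the watchlist exactly."""
    wanted = {w.lower() for w in watchlist}
    return sorted({r["value"].strip() for r in records
                   if r["section"].endswith("Uninstall List")
                   and r["value"].strip().lower() in wanted})


if __name__ == "__main__":
    recs = parse_extras(SAMPLE_EXTRAS)
    print("Firewall off for:", firewall_profiles_off(recs))
    print("Any-address exceptions:", any_scope_apps(recs))
    print("Still installed:", installed_from_watchlist(recs, WATCHLIST))
```

Running the same functions on the Extras.txt from a later scan gives a quick before-and-after check that the uninstalls and the firewall reset in the fix script took effect.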

#9
tammy111

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

OTL Extras logfile created on: 6/3/2014 5:05:39 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.50 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 59.47% Memory free
4.35 Gb Paging File | 3.45 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 199.52 Gb Free Space | 85.35% Space Free | Partition Type: NTFS
Drive F: | 3.80 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
 
Computer Name: TODD-DXK8MBK1O8 | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (FTA ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP LaserJet 200 color M251\bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP LaserJet 200 color M251\bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP LaserJet 200 color M251) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe" = C:\Program Files\HP\HP LaserJet 200 color M251\bin\EWSProxy.exe:LocalSubNet:Enabled:HP LaserJet 200 color M251 EWSProxy -- (Hewlett-Packard Co.)
"C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (FTA ApS)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025D3904-FA39-4AA2-A05B-9EFAAF36B1F2}" = HP LaserJet 200 color M251 HP Device Toolbox
"{08ED1CD1-1CB1-B7CE-677E-110D0A118590}" = AMD Catalyst Install Manager
"{09C0DA15-AB94-43BC-9B02-57DF3FEB469F}" = hppM251LaserJetService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver
"{14CF9AF8-10A6-4FA7-9E57-D22DBD644C77}" = HP Unified IO
"{180D6813-95E0-415C-B58A-5B9493DE2DDA}" = hppLaserJetService
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F752D02-F576-4DD6-8DA7-E478283F455A}" = OpenOffice Beta 4.1.0
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{413E98C3-2CA1-4D04-AFC2-8D8D873A3178}" = hpbM251DSService
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{46A99EAE-98DA-4BE5-94C3-D41BA4C266DA}" = hpStatusAlerts
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{57F5920A-9897-4830-BD4A-BE85DA9734FF}" = Neat Mobile Scanner 2008 Driver
"{58155B30-6BE9-4268-A059-149629149C63}" = Neat ADF Scanner Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}" = HP LaserJet 200 color M251
"{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}" = Neat Mobile Scanner (Silver) Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8777089A-4CF4-44BA-910B-9A4580669DED}" = Hallmark Card Studio 2012 Deluxe
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{99432E4C-1189-4887-9D75-DAA796015FFD}" = Neat Core Files
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F45DF9-0FF7-4C45-A119-1EBA27E6DD50}" = HP Product FWUpdater
"{A1EF28FB-74A8-4157-91E9-9C164CAB10F8}" = hpStatusAlertsM251
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner 2008 Driver
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B630320B-4B6A-4623-A05D-80DAA4C73CE9}" = QuickShare
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DDEBEA89-2B5A-4E5B-8702-369882BB3F52}" = HPLaserJet200color-M251_HelpLearnCenter_SI
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F9C52512-F5AB-4CA8-8E35-6396797DD72A}" = Send To Neat
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"CCleaner" = CCleaner
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton 360
"Neat" = Neat
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quiknowledge" = Quiknowledge
"RealPlayer 6.0" = RealOne Player
"Speedial" = Speedial
"TFTP Client" = TFTP Client
"Trusted Software Assistant_is1" = File Type Assistant
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZenSearch" = ZenSearch
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"FlvPlayer" = FlvPlayer
"Media Player Packages" = Media Player Packages
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/9/2013 9:34:57 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 489
Description = wuauclt (1804) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).
 
Error - 11/9/2013 9:34:57 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 455
Description = wuaueng.dll (1804) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error - 11/9/2013 9:35:10 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 489
Description = wuauclt (1804) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file
operation will fail with error -1032 (0xfffffbf8).
 
Error - 11/9/2013 9:35:10 PM | Computer Name = TODD-DXK8MBK1O8 | Source = ESENT | ID = 455
Description = wuaueng.dll (1804) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error - 12/17/2013 3:50:26 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.0.5091, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 4/18/2014 9:18:12 PM | Computer Name = TODD-DXK8MBK1O8 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application hplaserjetservice.exe, version 9.27.856.0, stamp
 4fa1f537, faulting module ntdll.dll, version 5.1.2600.6055, stamp 4d00f27d, debug?
 0, fault address 0x00019af2.
 
Error - 4/22/2014 5:30:50 PM | Computer Name = TODD-DXK8MBK1O8 | Source = MsiInstaller | ID = 11706
Description = Product: QuickShare -- Error 1706. An installation package for the
 product QuickShare cannot be found. Try the installation again using a valid copy
 of the installation package 'LinkuryInstaller.msi'.
 
Error - 4/23/2014 5:51:53 AM | Computer Name = TODD-DXK8MBK1O8 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module navshext.dll, version 21.2.0.38, fault address 0x0000488e.
 
Error - 4/23/2014 5:53:27 AM | Computer Name = TODD-DXK8MBK1O8 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
 dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
 
Error - 5/5/2014 4:42:00 PM | Computer Name = TODD-DXK8MBK1O8 | Source = MsiInstaller | ID = 11706
Description = Product: QuickShare -- Error 1706. An installation package for the
 product QuickShare cannot be found. Try the installation again using a valid copy
 of the installation package 'LinkuryInstaller.msi'.
 
[ System Events ]
Error - 5/9/2014 12:26:33 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The VPDAgent service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 5/9/2014 12:26:37 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 5/9/2014 12:26:42 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly.  It has done
this 1 time(s).
 
Error - 5/9/2014 12:26:44 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 5/26/2014 9:52:02 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly.  It has done
this 1 time(s).
 
Error - 5/26/2014 9:52:04 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 5/26/2014 9:52:06 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Neat Startup Service service terminated unexpectedly.  It has
done this 1 time(s).
 
Error - 5/26/2014 9:52:09 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The VPDAgent service terminated unexpectedly.  It has done this 1
time(s).
 
Error - 5/26/2014 9:52:11 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 5/26/2014 9:52:14 PM | Computer Name = TODD-DXK8MBK1O8 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
 
< End of report >
 


  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Why did you post the Extras.txt log for a second time?

Please follow the instructions in post #8.


  • 0


#11
tammy111

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

ok...the uninstalls went fine

 

here is the otl file after the fix ran

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named qksvc.exe was found!
Error: No service named qksvc was found to stop!
Service\Driver key qksvc not found.
File C:\Program Files\Quiknowledge\Service\qksvc.exe not found.
Service qknfd stopped successfully!
Service qknfd deleted successfully!
File C:\WINDOWS\system32\drivers\qknfd.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}\ not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}\ not found.
Prefs.js: "Speedial" removed from browser.search.defaultenginename
Prefs.js: "Speedial" removed from browser.search.selectedEngine
Prefs.js: ZenSearch%40ZenSearch.com:1.0 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files\Mozilla Firefox\extensions\[email protected] not found.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\_locales\en-US folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\_locales folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\resources folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\info folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\favorites folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images\chrome folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\images folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins\css folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\plugins folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\resources folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images\patterns folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\images folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab\css folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\newtab folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\icons folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\gallery folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin\external folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\skin folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\content\newtab folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\content\external folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\content\data folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\content\browser folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}\content folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52} folder moved successfully.
Folder C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions\[email protected]\ not found.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\searchplugins\Speedial.xml moved successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\ not found.
File C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC740D8D-BAA6-4BAF-9183-2406AB943D3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC740D8D-BAA6-4BAF-9183-2406AB943D3A}\ not found.
File C:\Program Files\ZenSearch\IeZenSearch.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del513973640 not found.
C:\WINDOWS\system32\cmd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del513973640 not found.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ZS_cleanup1 not found.
File C:\Documents and Settings\Todd\Local Settings\Temp\is-QCSB9.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Documents and Settings\Todd\Application Data\Speedial\UpdateProc folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Speedial folder moved successfully.
Folder C:\Documents and Settings\Todd\Application Data\Speedial\ not found.
C:\Documents and Settings\Todd\Application Data\1H1Q\Media Player Packages folder moved successfully.
C:\Documents and Settings\Todd\Application Data\1H1Q folder moved successfully.
C:\Program Files\Speedial\1.8.29.15\bh folder moved successfully.
C:\Program Files\Speedial\1.8.29.15 folder moved successfully.
C:\Program Files\Speedial folder moved successfully.
Folder C:\Program Files\Quiknowledge\ not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant folder moved successfully.
Folder C:\Documents and Settings\Todd\Application Data\ZenSearch\ not found.
Folder C:\Program Files\ZenSearch Updater\ not found.
Folder C:\Program Files\ZenSearch\ not found.
C:\Documents and Settings\Todd\Local Settings\Application Data\FileTypeAssistant folder moved successfully.
C:\Program Files\File Type Assistant folder moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\ProgramRefresh-ATFST.job moved successfully.
File C:\WINDOWS\tasks\ZenSearch updater.job not found.
C:\WINDOWS\tasks\ProgramUpdateCheck.job moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
Folder C:\Documents and Settings\Todd\Application Data\Speedial\ not found.
Folder C:\Documents and Settings\Todd\Application Data\ZenSearch\ not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eapmfjbemiffkmggedbiibolghfomomg not found.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\_locales\en folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\_locales folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\RedirectPages folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\images\Widgets folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\images\StatusButton folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\images\SafeBrowse folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\images folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\IdentitySafe folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0 folder moved successfully.
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk folder moved successfully.
File\Folder C:\Program Files\Updater By SweetPacks not found.
File\Folder C:\Program Files\Mozilla Firefox\extensions\[email protected] not found.
File\Folder CHR - Extension: No name found = C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda not found.
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\Todd\Desktop\cmd.bat deleted successfully.
< netsh firewall reset /c >
No captured output from command...
C:\Documents and Settings\Todd\Desktop\cmd.bat deleted successfully.
< netsh firewall set opmode mode = ENABLE profile = ALL /c >
No captured output from command...
C:\Documents and Settings\Todd\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Brooke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->FireFox cache emptied: 53059722 bytes
->Google Chrome cache emptied: 7162207 bytes
->Flash cache emptied: 947 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: dub_cm_auto
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 34791 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: Tammy
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 469 bytes
->FireFox cache emptied: 283747917 bytes
->Google Chrome cache emptied: 23045066 bytes
->Flash cache emptied: 913 bytes
 
User: Todd
->Temp folder emptied: 212737566 bytes
->Temporary Internet Files folder emptied: 123219822 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 294894706 bytes
->Google Chrome cache emptied: 47902806 bytes
->Flash cache emptied: 10306 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 805231 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 443683064 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 86754 bytes
RecycleBin emptied: 4933910 bytes
 
Total Files Cleaned = 1,427.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032014_123607

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#12
tammy111


    Member

  • Topic Starter
  • Member
  • 95 posts

I'm not finding an adwcleaner.txt file anywhere. Have we done that yet?


  • 0

#13
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

Did you download the AdwCleaner program to the desktop and run it yet?


  • 0

#14
tammy111


    Member

  • Topic Starter
  • Member
  • 95 posts

Found it...

Sorry, I'm not great at this ;)

 

# AdwCleaner v3.211 - Report created 04/06/2014 at 13:13:31
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Todd - TODD-DXK8MBK1O8
# Running from : C:\Documents and Settings\Todd\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\lq1eq597.default\user.js
File Found : C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\whqpobn2.default\user.js
File Found : C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\invalidprefs.js
File Found : C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\user.js
Folder Found : C:\Documents and Settings\Brooke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Speedial
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Found : HKLM\Software\Myfree Codec
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\tsassist.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&q={searchTerms}&installDate=18/05/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&q={searchTerms}&installDate=18/05/2013

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\lq1eq597.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=nt&installDate=18/05/2013");
Line Found : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&installDate=18/05/2013&q=");

[ File : C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\whqpobn2.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=nt&installDate=18/05/2013");
Line Found : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&installDate=18/05/2013&q=");

[ File : C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Documents and Settings\Brooke\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&q={searchTerms}&installDate=18/05/2013
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Startup_urls] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=hp&installDate=18/05/2013
Found [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd

[ File : C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&q={searchTerms}&installDate=18/05/2013
Found [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd

[ File : C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=quickobrw&country=us&feedid=infospace&st=nt&dpid=us&lan=en&start=1
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6438 octets] - [04/06/2014 13:13:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6498 octets] ##########
 


  • 0

#15
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

Thanks. Let's remove what AdwCleaner found and run an additional tool to remove junkware. Then I want a fresh OTL scan. Let me know how the computer is behaving after this round.
 
Step-1.
Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
    **Very Important**
  • Click the Registry tab and Uncheck the following items:
    • HKCU\Software\AppDataLow\Software
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced. Please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.
Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Double-click the JRT icon to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NOTE: Reboot the machine and ensure that all security software is now enabled.

Step-3
Run OTL again and click the Quick Scan button. Post the log it produces in your next reply. NOTE: There won't be an Extras.txt log produced this time.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The new OTL.txt log


  • 0





