Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple problems on old Acer; need Malware Check


  • Please log in to reply

#1
TooNew2

TooNew2

    Member

  • Member
  • PipPipPip
  • 180 posts
.
Old Acer with Win XP needs a Doctor’s Malware Checkup

I think it’s about time I get some assistance and/or do some maintenance on my system, and I understand it needs a malware check first, so here is my request and some information about its problems. Please note that some while ago, a friend and I downloaded OTL and ran a first scan but nothing was saved. Last week, I downloaded OTL again and per directions ran the “Quick Scan”, so the included scan file has only the one part. If requested, I can run a new full scan and direct it produce the ‘missing’ second file which would have accompanied the very first scan.

Known Problems

First, the Safe Mode won’t go to completion. I get a static screen showing lines of system files, but the screen freezes; doesn’t change of its own and won’t respond to keystrokes or the mouse. The four files at the bottom of the list are all for AVG, the last ending in …\system32\DRIVERS\avgidshx.sys
I have to shut down by holding down the Off button. The system will reboot using “last known good configuration”.

Months ago, I tried to run a disc check. Since then, the system has tried to run a disc check every time it’s restarted. If allowed, it gets to a point where it can’t proceed and gives the following codes:

STOP: 0x000009C (0x00000004, 0x80456FF0, 0xB2000000, 0x0007OFOF)

[I think I got the letters and numerals (Zeros and O’s) correctly copied]

I normally cancel the disc check and go to the next step of signing in.

After which, for quite a while I next got a message that MachineIDCreator Application has encountered problems and needs to close; now I get two such messages, one after the other, and two such processes initially show up on the Task Manager before their being closed either with those notices or within the T. Manager.

For some weeks, once it’s been running for a few minutes, one of the SVCHOST processes goes wild (and doesn’t stop on its own), using all the CPU and preventing anything else from being done. I’ve needed to end the process using Task Manager in order to continue, this being true whether or not any programs have been opened yet. A minute or so after doing this, the screen blinks a few times and on a few occasions, the Desktop icons have been somewhat rearrange. I probably did this process-ending before running OTL.

For quite a while, my System restore hasn’t worked … It seems to go through the process, but when reopening, I get a message saying nothing has been changed. New Restore points seem to be made but they just don’t seem to be usable.

Once running, if I loose my IP address by momentarily unhooking the cable or putting the system on Standby, I don’t get reconnected without restarting. I assume this is due to some aspect of the aborted SVCHOST mentioned earlier.

Lastly, I tried to copy a few files to disc yesterday, but got a message that none was installed, even though it had just been able to read from that same near-empty disc which was still in the compartment.

As the file should show, the system has for years used AVG Free, SuperAntiSpy and SpywareBlaster (the last which hasn’t been updated in months) plus CCleaner gets run frequently. I do have old (both original and owner-made) system backup discs I inherited with the computer. Finally, I do want to keep it running XP.

Appreciatively awaiting comments and instructions.

OTL file follows:

---------------------------------------------------------

OTL logfile created on: 9/18/2013 10:23:50 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 495.15 Mb Available Physical Memory | 51.66% Memory free
2.61 Gb Paging File | 2.06 Gb Available in Paging File | 78.78% Paging File free
Paging file location(s): C:\pagefile.sys 1800 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.99 Gb Total Space | 9.82 Gb Free Space | 21.82% Space Free | Partition Type: FAT32
Drive D: | 45.21 Gb Total Space | 34.95 Gb Free Space | 77.31% Space Free | Partition Type: FAT32

Computer Name: ACER-2E68C49B20 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\BBPDFPortMon.dll ()
MOD - C:\Program Files\SolidWorks\Implode.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
SRV - (brmfrmps) -- C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Driver Services (SafeList) ==========

DRV - (XMS1563K) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (windrvNT) -- C:\WINDOWS\system32\windrvNT.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCAMPR5) -- C:\WINDOWS\system32\PCAMPR5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MFX) -- C:\WINDOWS\System32\drivers\MFX.sys ()
DRV - (Dot4Storage HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {B643F8F3-B9D7-4AA9-A286-328AD1CBCAD3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{B339A214-3D40-4B27-9376-0A50B6DE7F32}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{B643F8F3-B9D7-4AA9-A286-328AD1CBCAD3}: "URL" = http://www.google.co...1I7GPTB_enUS288
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{F7319DBB-BA8F-4C77-A66F-0900CC29CD75}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{FE09B145-C6D7-4422-B000-0F495B16C5F7}: "URL" = http://startpage.com...anguage=english
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: UnsortedBookmarksMenu@alice:2.3.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: UnsortedBookmarksMenu@alice:2.3.2
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/09/17 16:28:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/09/17 16:28:02 | 000,000,000 | ---D | M]

[2009/05/30 23:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2007/11/03 19:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions
[2011/06/05 08:07:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/07 07:47:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/05/30 10:49:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/10/30 18:51:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2012/03/02 17:22:14 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2010/05/07 07:47:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2)
[2012/09/08 23:20:56 | 000,000,000 | ---D | M] (Unsorted Bookmarks Folder Menu) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\UnsortedBookmarksMenu@alice
[2013/09/16 17:32:18 | 000,005,519 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\searchplugins\startpage-https.xml
[2006/09/17 16:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/16 09:45:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 10:19:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

O1 HOSTS File: ([2006/08/03 20:15:16 | 000,001,018 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 64.78.61.76 EHOST009
O1 - Hosts: 64.78.61.76 EHOST009.exch005intermedia.net
O1 - Hosts: 206.40.48.172 DC005-1.exch005intermedia.net
O1 - Hosts: 64.78.61.6 DDC005.exch005intermedia.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.micr...ActiveX/odc.cab (Microsoft Data Collection Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187929164250 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187929088171 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4DA44EA-8D7B-4C3C-A2C4-DE152D5C2256}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{17da330c-f96f-11e1-baf7-00038a000015}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/17 22:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2013/09/12 22:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/09 21:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign
[2013/09/05 23:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Tom's Lists
[2007/03/21 08:20:24 | 000,300,680 | ---- | C] (CA, Inc.) -- C:\Documents and Settings\All Users\Application Data\arclib.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/18 22:41:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/18 21:48:38 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\swxJRNL.swj
[2013/09/18 21:07:04 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2013/09/18 21:06:50 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\ROC_SYS_TASK.job
[2013/09/18 21:06:50 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/18 21:06:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/18 21:06:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6cb148a8b6fe.job
[2013/09/18 21:05:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc04ec2ccfa360.job
[2013/09/18 21:05:50 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/18 21:05:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/18 21:05:20 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/18 13:07:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/09/17 23:15:12 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\SolidWorks 2004.lnk
[2013/09/17 22:13:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2013/09/13 22:11:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/12 22:19:50 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/09/10 23:08:08 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee for PENTAX 2.0.lnk
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/08 14:09:52 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\WordPad (2).lnk
[2013/09/05 23:03:14 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Shortcut to Projects List.rtf.lnk
[2013/09/05 23:01:00 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Projects List.rtf
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/09/04 22:46:32 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Shortcut to KABA Simplex Lock.lnk
[2013/09/02 22:29:56 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Startpage Search Engine.url
[2013/09/02 14:59:46 | 000,154,799 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Desktop screehot 9-2-13.JPG
[2013/08/23 07:47:18 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Recent Login Activity.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 21:46:15 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\swxJRNL.swj
[2013/09/09 21:18:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/09 21:16:11 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/08 14:09:51 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\WordPad (2).lnk
[2013/09/05 23:03:12 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Shortcut to Projects List.rtf.lnk
[2013/09/05 23:00:58 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\Projects List.rtf
[2013/09/04 22:46:31 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Shortcut to KABA Simplex Lock.lnk
[2013/09/02 14:59:44 | 000,154,799 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Desktop screehot 9-2-13.JPG
[2013/03/03 20:14:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
[2012/11/29 18:32:42 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\dt.dat
[2012/02/15 08:17:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 22:34:40 | 000,001,171 | ---- | C] () -- C:\Documents and Settings\Tom\swxJRNL.swj
[2011/11/20 23:14:42 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\Tom\DesktopswxJRNL.BAK
[2011/11/08 21:07:32 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Tom\My DocumentsswxJRNL.BAK
[2011/11/08 20:01:59 | 000,639,052 | ---- | C] () -- C:\WINDOWS\System32\BBPDFPortMon.dll
[2008/12/01 18:53:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Skin.flk
[2008/09/29 15:52:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tom\PUTTY.RND
[2007/10/04 20:03:06 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/11 21:57:16 | 024,153,696 | ---- | C] () -- C:\Program Files\SBC_SST_Installer.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 01:15:30 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/07/17 13:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/28 12:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/12/14 16:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/01/06 22:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007/02/04 12:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/11/08 07:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/25 16:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/12/31 09:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 09:29:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/03 21:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/09/23 13:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/08 19:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/12/13 00:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/22 09:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/04/25 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2013/09/09 21:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign
[2007/07/03 23:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ACD Systems
[2008/12/01 18:53:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Tom\Application Data\.#
[2009/06/15 12:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OpenOffice.org
[2009/12/31 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG9
[2011/01/30 09:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ScanSoft
[2011/09/26 00:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2012
[2012/12/13 00:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\TuneUp Software
[2012/12/13 00:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2013

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi TooNew2 :)

Apologies for the delay. I'm 23red, and it'll be my pleasure to assist you with your malware issues :D I am currently reviewing your log. In the meantime, I'd be grateful if you would note the following:

• As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts.

• Please make sure to carefully read every post completely before doing anything.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Please stick with me until all malware is gone from your system. Malware removal is not an instant process. Logs do take time to investigate. Just because you no longer see any symptoms it does not necessarily mean your system is completely clear of malware.

• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

• Posts not answered in 4 days will be closed. Send a PM to myself or a Mod to have it reopened.

• Thanks for your understanding and patience. I'll be back with you as soon as possible!
  • 0

#3
TooNew2

TooNew2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Thank you for the help, both of you. Feel free to take whatever time is necessary as I am not impatient, I do understand that nothing is simple, and I actually spend most of my time working outside anyway. I should be able to reply within a half day or less, probably sooner.
I do understand the instructions with one small exception. I usually run CCleaner every few days or so to delete cookies and temorary files; this doesn't count as a scan too, does it? I will refrain from running anything else, and that too if told to.

Thanks again!

Awaiting further instructions.
  • 0

#4
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi TooNew2 :)

Again, my apologies for the delay.

It does not look too bad. Let's clean out some of the junk:

Step 1.

OTL Fix

Please double click on Posted Image to open the program.

Under Posted Image
in the textbox at the bottom, please paste in the following text:

:Commands
[CreateRestorePoint]
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {B643F8F3-B9D7-4AA9-A286-328AD1CBCAD3}
IE - HKCU\..\SearchScopes\{B339A214-3D40-4B27-9376-0A50B6DE7F32}: "URL" = http://search.micros...q={searchTerms}
IE - HKCU\..\SearchScopes\{B643F8F3-B9D7-4AA9-A286-328AD1CBCAD3}: "URL" = http://www.google.co...1I7GPTB_enUS288
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{F7319DBB-BA8F-4C77-A66F-0900CC29CD75}: "URL" = https://startpage.co...anguage=english
IE - HKCU\..\SearchScopes\{FE09B145-C6D7-4422-B000-0F495B16C5F7}: "URL" = http://startpage.com...anguage=english
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
[2012/06/16 09:45:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/03 10:19:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_13)
[2006/07/17 13:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
:Files
ipconfig /flushdns /c






• Push the Posted Image button.

• OTL may ask to reboot the machine. Please do so if asked.

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

• A massage box Posted Image will pop-up.

• Click the OK button and a report will open.

• Copy and Paste that report in your next reply, please




Step 2.

Fresh OTL Scan

• Please double click on Posted Image to start the Program.

Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• Please also check the boxes next to Purity Check and Lop Check

• And under Extra Registry check also the radio dial by Use Safelist

• Under Posted Image in the textbox at the bottom, please paste in the following text:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
[CREATERESTOREPOINT]



•Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.

•When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

•Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces in your next reply.



Step 3.

SecurityCheck by Screen317:

Please also download Security Check by screen317.

•Save it to your Desktop.

•Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

•A Notepad document should open automatically called checkup.txt; please also post the contents of that document.



Step 4.

Questions:

1. Are you a paid AVG user or Free?
2. Do you require or prefer AVG? Microsoft Security Essentials consumes less system resources, AVG is recommended less often these days as it's not maintained as well as it used to be and has become bloated over time. You may likely run better/smoother if you switch.

When you return, please:
OTL fix log
Fresh OTL scan log and Extras.txt
SecurityCheck log
Answers to the questions
  • 0

#5
TooNew2

TooNew2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Hello again, 23red;

I assumed the OTL Fix just under Step 1. was a link, but it doesn't act like one. The same is true of Fresh OTL Scan under Step 2. Did you intend to tell me to first download OTL (or to use the one I previously had but recently deleted), is the link there but somehow my system isn't seeing it, or what? Per the original instructions, I will wait for further clarification or advice rather than download OTL and proceed.

BTW, the Security Check by Screen317 under Step 3. is a working link and I've downloaded it to the desktop.


.

Edited by TooNew2, 17 October 2013 - 12:25 AM.

  • 0

#6
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi TooNew2

I assumed the OTL Fix just under Step 1. was a link, but it doesn't act like one. The same is true of Fresh OTL Scan under Step 2. Did you intend to tell me to first download OTL (or to use the one I previously had but recently deleted),


The one you had would have been fine. My apologies, Please download OTL to your desktop.

• Please doubleclick on Posted Image on your Desktop to start the program.

Then please proceed with the instructions in post #4. :)

BTW, the Security Check by Screen317 under Step 3. is a working link and I've downloaded it to the desktop.


:thumbsup:
  • 0

#7
TooNew2

TooNew2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Hello 23red;

All went well or as expected with two hopefully small exceptions, the first which I must apologize for. I somehow overlooked the closing of Task Manager before running Step 2.
Also, under C:\_OTL\MovedFiles, I find both a text document and a folder, each bearing the same name, that being: 10172013_183730
The folder in turn contains two folders, one being C_Documents and Settings while the other is C_Program Files
Is this a normal occurrence or of any consequence?


Below are the requested files:



========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B339A214-3D40-4B27-9376-0A50B6DE7F32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B339A214-3D40-4B27-9376-0A50B6DE7F32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B643F8F3-B9D7-4AA9-A286-328AD1CBCAD3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B643F8F3-B9D7-4AA9-A286-328AD1CBCAD3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7319DBB-BA8F-4C77-A66F-0900CC29CD75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7319DBB-BA8F-4C77-A66F-0900CC29CD75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE09B145-C6D7-4422-B000-0F495B16C5F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE09B145-C6D7-4422-B000-0F495B16C5F7}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 removed from extensions.enabledAddons
Prefs.js: [email protected]:1.0 removed from extensions.enabledAddons
Prefs.js: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 removed from extensions.enabledItems
Prefs.js: "http://us.yhs.search...2-tb-web_us&p=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Tom\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tom\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10172013_183730



Step 2.
OTL logfile created on: 10/17/2013 6:46:50 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 393.33 Mb Available Physical Memory | 41.04% Memory free
2.61 Gb Paging File | 2.02 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): C:\pagefile.sys 1800 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.99 Gb Total Space | 7.48 Gb Free Space | 16.63% Space Free | Partition Type: FAT32
Drive D: | 45.21 Gb Total Space | 34.82 Gb Free Space | 77.02% Space Free | Partition Type: FAT32

Computer Name: ACER-2E68C49B20 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\BBPDFPortMon.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
SRV - (brmfrmps) -- C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Driver Services (SafeList) ==========

DRV - (XMS1563K) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (windrvNT) -- C:\WINDOWS\system32\windrvNT.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCAMPR5) -- C:\WINDOWS\system32\PCAMPR5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MFX) -- C:\WINDOWS\System32\drivers\MFX.sys ()
DRV - (Dot4Storage HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: UnsortedBookmarksMenu@alice:2.3.2
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: UnsortedBookmarksMenu@alice:2.3.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/09/17 16:28:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/09/17 16:28:02 | 000,000,000 | ---D | M]

[2009/05/30 23:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2007/11/03 19:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions
[2011/06/05 08:07:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/07 07:47:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/05/30 10:49:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/10/30 18:51:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2012/03/02 17:22:14 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2010/05/07 07:47:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2)
[2012/09/08 23:20:56 | 000,000,000 | ---D | M] (Unsorted Bookmarks Folder Menu) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\UnsortedBookmarksMenu@alice
[2013/10/17 07:42:58 | 000,005,519 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\searchplugins\startpage-https.xml
[2006/09/17 16:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

O1 HOSTS File: ([2006/08/03 20:15:16 | 000,001,018 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 64.78.61.76 EHOST009
O1 - Hosts: 64.78.61.76 EHOST009.exch005intermedia.net
O1 - Hosts: 206.40.48.172 DC005-1.exch005intermedia.net
O1 - Hosts: 64.78.61.6 DDC005.exch005intermedia.net
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll ()
O3 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\Toolbar\WebBrowser: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\Kathleen\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.micr...ActiveX/odc.cab (Microsoft Data Collection Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187929164250 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187929088171 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4DA44EA-8D7B-4C3C-A2C4-DE152D5C2256}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{17da330c-f96f-11e1-baf7-00038a000015}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/17 18:37:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 18:28:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2013/10/16 23:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\New Folder
[2013/10/13 18:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\IH Parts websites
[2013/09/22 09:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Joats65 Backup 9-22-13
[2007/03/21 08:20:24 | 000,300,680 | ---- | C] (CA, Inc.) -- C:\Documents and Settings\All Users\Application Data\arclib.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/17 18:46:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/17 18:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2013/10/17 16:09:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/17 16:09:30 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2013/10/17 16:08:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6cb148a8b6fe.job
[2013/10/17 16:08:40 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\ROC_SYS_TASK.job
[2013/10/17 16:08:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc04ec2ccfa360.job
[2013/10/17 16:08:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/17 16:08:14 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 23:11:02 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\SecurityCheck by screen317.exe
[2013/10/16 23:00:06 | 000,150,596 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Desktop Screenshot 10-16-13.JPG
[2013/10/16 20:02:18 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\GEEK HELP!.url
[2013/10/15 13:07:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/10/14 22:13:30 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\14 Packs Nexel Shelf Clips Wire Shelving Plastic Metro Split Sleeves eBay.url
[2013/10/14 10:09:26 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Binder Planet.lnk
[2013/10/13 23:14:14 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Create a desktop shortcut to a website Firefox Help.URL
[2013/10/08 09:32:30 | 000,131,005 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Milwaulee Shear auction 10-8-13.JPG
[2013/10/05 22:50:22 | 000,005,924 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Geeks to Go! - Tech experts answer your questions.url
[2013/09/23 10:25:38 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/21 18:31:56 | 095,982,746 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Full Registry 9-21-13.reg
[2013/09/19 20:39:52 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/09/19 13:19:50 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Shortcut to OTL Tutorial.lnk
[2013/09/17 23:15:12 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\SolidWorks 2004.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/16 23:11:05 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\SecurityCheck by screen317.exe
[2013/10/16 23:00:04 | 000,150,596 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Desktop Screenshot 10-16-13.JPG
[2013/10/14 22:13:28 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\14 Packs Nexel Shelf Clips Wire Shelving Plastic Metro Split Sleeves eBay.url
[2013/10/14 08:43:15 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\GEEK HELP!.url
[2013/10/13 23:41:56 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Binder Planet.lnk
[2013/10/13 23:14:13 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Create a desktop shortcut to a website Firefox Help.URL
[2013/10/08 09:32:28 | 000,131,005 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Milwaulee Shear auction 10-8-13.JPG
[2013/10/05 22:50:38 | 000,005,924 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Geeks to Go! - Tech experts answer your questions.url
[2013/09/26 00:09:12 | 000,000,322 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Geeks - Malware Removal Guides and Tutorials - .url
[2013/09/21 18:31:45 | 095,982,746 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Full Registry 9-21-13.reg
[2013/09/19 13:19:30 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Shortcut to OTL Tutorial.lnk
[2013/03/03 20:14:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
[2012/11/29 18:32:42 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\dt.dat
[2012/02/15 08:17:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 22:34:40 | 000,001,171 | ---- | C] () -- C:\Documents and Settings\Tom\swxJRNL.swj
[2011/11/20 23:14:42 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\Tom\DesktopswxJRNL.BAK
[2011/11/08 21:07:32 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Tom\My DocumentsswxJRNL.BAK
[2011/11/08 20:01:59 | 000,639,052 | ---- | C] () -- C:\WINDOWS\System32\BBPDFPortMon.dll
[2008/12/01 18:53:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Skin.flk
[2008/09/29 15:52:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tom\PUTTY.RND
[2007/10/04 20:03:06 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/11 21:57:16 | 024,153,696 | ---- | C] () -- C:\Program Files\SBC_SST_Installer.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 01:15:30 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/10 10:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2006/07/28 12:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/12/14 16:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/01/06 22:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007/02/04 12:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2008/11/08 07:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/25 16:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RingCentral
[2009/12/31 09:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 09:29:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/03 21:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/09/23 13:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/08 19:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/12/13 00:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/22 09:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/04/25 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2007/05/21 08:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\ACD Systems
[2007/07/03 23:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ACD Systems
[2008/12/01 18:53:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Tom\Application Data\.#
[2009/06/15 12:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OpenOffice.org
[2009/12/31 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG9
[2011/01/30 09:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ScanSoft
[2011/09/26 00:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2012
[2012/12/13 00:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\TuneUp Software
[2012/12/13 00:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2013
[2007/11/24 20:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\ACD Systems
[2007/11/24 21:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Leadertech
[2007/11/24 22:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\Printer Info Cache
[2008/11/29 08:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\ATTTOOLBAR
[2009/08/07 20:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\OpenOffice.org
[2009/10/12 17:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathleen\Application Data\ScanSoft

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 17:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 17:12:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 17:12:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 06:58:52 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\BROWSER.DLL -- (Browser)
SRV - [2008/04/13 17:11:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 17:11:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 10:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 04:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 17:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 17:12:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 17:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 17:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 17:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 17:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 17:12:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 17:12:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 17:12:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 09:02:48 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 04:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 17:12:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 17:12:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 17:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 17:12:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 17:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 22:57:44 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 17:12:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 17:12:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 17:12:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 17:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 17:12:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 17:12:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/13 17:12:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 17:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 17:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 17:11:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 17:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 17:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 17:12:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 17:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 17:12:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 23:14:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2006/07/17 13:42:34 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 04:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 05:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\i386\SERVICES._

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 03:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EX_ >
[2004/08/04 05:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\i386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 04:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.ICO >
[2005/12/14 19:21:08 | 000,007,318 | ---- | M] () MD5=9443DA63ACDF55D7D153D6B22E40722E -- C:\Program Files\Yahoo!\common\icons\services.ico

< MD5 for: SERVICES.LNK >
[2012/04/24 12:50:28 | 000,001,510 | ---- | M] () MD5=2E6C994AF3614123B7D85E89F984971A -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/04 05:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\i386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is ACER
Volume Serial Number is 320D-180E

< End of report >




OTL Extras logfile created on: 10/17/2013 6:46:50 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 393.33 Mb Available Physical Memory | 41.04% Memory free
2.61 Gb Paging File | 2.02 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): C:\pagefile.sys 1800 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.99 Gb Total Space | 7.48 Gb Free Space | 16.63% Space Free | Partition Type: FAT32
Drive D: | 45.21 Gb Total Space | 34.82 Gb Free Space | 77.02% Space Free | Partition Type: FAT32

Computer Name: ACER-2E68C49B20 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"8090:TCP" = 8090:TCP:*:Enabled:Foscam one

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe" = C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe:*:Enabled:LiveUpdate -- (Newtech Infosystems, Inc.)
"C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe" = C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe:*:Enabled:SBC Self Support Tool Alerts -- (Motive, Inc.)
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
"C:\Program Files\AVG\AVG8\avgdiag.exe" = C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files\AVG\AVG8\avgdiagex.exe" = C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SBC Self Support Tool\bin\mad.exe" = C:\Program Files\SBC Self Support Tool\bin\mad.exe:*:Enabled:AT&T Self Support Tool -- (Motive, Inc.)
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1153168673\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1153168673\EE\AOLServiceHost.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL -- (AOL, LLC.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1153168673\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1153168673\EE\aolsoftware.exe:*:Disabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Disabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon -- (America Online, Inc)
"C:\WINDOWS\System32\fxsclnt.exe" = C:\WINDOWS\System32\fxsclnt.exe:*:Disabled:Microsoft Fax Console
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Kathleen\Application Data\U3\000017F9AC647E3D\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\Kathleen\Application Data\U3\000017F9AC647E3D\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Disabled:Skype
"C:\Documents and Settings\Kathleen\Application Data\U3\0878411919825F6F\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Documents and Settings\Kathleen\Application Data\U3\0878411919825F6F\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Disabled:Skype. Take a deep breath
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
"C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe" = C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe:*:Disabled:RingCentral Call Controller
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\WINDOWS\System32\IPCamera.exe" = C:\WINDOWS\System32\IPCamera.exe:*:Enabled:IPCamera -- ()
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6C651250-2EB2-11D5-8E33-0050DAD72AC2}" = NetZero
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for PENTAX 2.0
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DC76EAE7-72B6-442E-AAD0-6A67F915C23D}" = SolidWorks 2004 SP0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AOL Deskbar" = AOL Deskbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATT-AACE" = ATT-AACE
"ATT-PRT22" = ATT-PRT22
"AVG" = AVG 2013
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"DEXview" = DEXview
"EOS Utility" = Canon Utilities EOS Utility
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"IP Camera" = IP Camera
"LManager" = Launch Manager
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pegasus Mail" = Pegasus Mail
"PhotoStitch" = Canon Utilities PhotoStitch
"Port Magic" = Pure Networks Port Magic
"PrintMaster Premier 4.00" = PrintMaster Premier 4.00
"Quick Search Box" = Google Quick Search Box
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SBC.MCCInstall" = AT&T Self Support Tool
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-643901058-1627139281-4071398578-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FolderLock6" = Folder Lock

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/16/2013 3:34:22 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application MachineIdCreator.exe, version 14.0.0.6, faulting
module avguidx.dll, version 2012.0.0.1, fault address 0x00028fa6.

Error - 10/16/2013 5:30:00 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application MachineIdCreator.exe, version 14.0.0.6, faulting
module avguidx.dll, version 2012.0.0.1, fault address 0x00028fa6.

Error - 10/16/2013 11:28:53 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.21348, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 10/17/2013 12:53:24 AM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application MachineIdCreator.exe, version 14.0.0.6, faulting
module avguidx.dll, version 2012.0.0.1, fault address 0x00028fa6.

Error - 10/17/2013 1:00:17 AM | Computer Name = ACER-2E68C49B20 | Source = Ci | ID = 4124
Description = Content index on d:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 10/17/2013 1:00:17 AM | Computer Name = ACER-2E68C49B20 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on d:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 10/17/2013 2:23:14 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application MachineIdCreator.exe, version 14.0.0.6, faulting
module avguidx.dll, version 2012.0.0.1, fault address 0x00028fa6.

Error - 10/17/2013 2:45:28 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.21348, faulting
module unknown, version 0.0.0.0, fault address 0x01cd0fd0.

Error - 10/17/2013 9:30:49 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.21348, faulting
module unknown, version 0.0.0.0, fault address 0x025f0fd0.

Error - 10/17/2013 9:35:55 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.21348, faulting
module unknown, version 0.0.0.0, fault address 0x025f0fd0.

[ System Events ]
Error - 10/16/2013 5:30:15 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 10/16/2013 5:36:19 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 10/16/2013 10:12:18 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 10/16/2013 11:17:13 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 10/17/2013 12:53:40 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 10/17/2013 12:54:18 AM | Computer Name = ACER-2E68C49B20 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 00C09FCF83D3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/17/2013 1:03:42 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 10/17/2013 10:25:05 AM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 10/17/2013 2:23:47 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 10/17/2013 7:09:13 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2


< End of report >



Step 3.
Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG 2013
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
SUPERAntiSpyware Free Edition
Windows Defender
CCleaner
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.1.53.64 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (3.6.28) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````


Step 4.

1). I have the AVG free version

2). AVG was on the computer when I “inherited” it some years ago, but the last
two versions have seemed to cause problems after installation. I am open to
switching to the Microsoft program.



I assume all these files will take some time and effort to dig through. Take whatever time you need to keep from getting eyestrain; I greatly appreciate all your effort and the patience needed on your part.

Thanks again
  • 0

#8
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi TooNew2 :)

My sincerest apologies for the delay. I'm not seeing any malware on your computer, however it does look like AVG is causing some issues. Let's see if this helps:

Step 1
Microsoft Security Essentials

Download Microsoft Security Essentials from ~> this link <~ to your Desktop.
Do not install it yet.

Step 2
Revo Uninstaller

Click ~> this link <~ to download Revo Uninstaller
Once downloaded, double click the file and follow the prompts to install it
Run Revo Uninstaller, then click the program(s) you want to remove:

AVG 2013 ~ and any other AVG programs listed
Java 7 Update 13
Viewpoint Media Player
Adobe Flash


Then click Uninstall at the top
Click Yes to confirm, then click Next
After it has ran the official Uninstaller, click Next to search for leftover information
If it finds any leftover files and folders, click Select All, then Delete
Click Next after it has removed the leftovers, then click Finish


Step 3
OTL fix

Please double click on Posted Image on your Desktop to open OTL.

Under Posted Image
in the textbox at the bottom of the OTL window, please paste in the following text:

:Commands
[CreateRestorePoint]
:OTL
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
[2006/09/17 16:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O15 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O33 - MountPoints2\{17da330c-f96f-11e1-baf7-00038a000015}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
[2013/10/17 16:08:40 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\ROC_SYS_TASK.job
[2013/09/19 20:39:52 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2009/12/31 09:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/12/13 00:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/22 09:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/04/25 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2009/12/31 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG9
[2011/09/26 00:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2012
[2012/12/13 00:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2013

:Files
C:\Program Files\AVG
ipconfig /flushdns /c







• Push the Posted Image button.

• OTL may ask to reboot the machine. Please do so if asked.

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date_time of the tool run).

• Upon completion, a massage box Posted Image will pop-up.

• Click the OK button and a report will open.

• Copy and Paste that report in your next reply, please

If OTL does not ask for a reboot, please do so before installing Microsoft Security Essentials


Step 4

Install Microsoft Security Essentials

Double click the installer on your Desktop, follow the prompts to install.
Please run a full scan upon installation. Let me know if it finds anything.

Upon completion of the scan:

Step 5

Fresh OTL Scan

• Please double click on Posted Image on your Desktop to open the program.

Make sure all other windows are closed and to let it run uninterrupted.

• Click the Posted Image button.

• Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, a notepad log will open ~ OTL.Txt . This is saved in the same location as OTL ~ Desktop

• Please copy (Edit ~> Select All, Edit ~> Copy) the log it produces in your next reply.

Please let me know how it goes.

When you return, please:

OTL fix log
Fresh OTL scan
How is your computer running now?
  • 0

#9
TooNew2

TooNew2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Greetings, 23red;
No need for apologies about delays. I appreciate the work you're doing. :thumbsup:


Step 2. was more 'complicated', more steps then I expected, each selected item needing to be uninstalled in turn. Also for example, when Revo U. opened the AVG Uninstaller, the latter had two boxes it appeared I needed to check, including 'delete user's settings', which I did. Once AVG U. closed, Revo went through a few screens in deleting extra stuff but three last files did not delete in two attempts; a notation indicated they would be deleted upon reboot, so I rebooted before starting Step 3.

In Step 3, I copied the needed files from Notepad and closed it, opened OTL and pasted the files in, then hit Run/Fix. The bottom notation indicated OTL was making a backup file and then it quickly went to

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)

where it stayed for well over five minutes with the CPU 'maxed out'. I finally shut the whole system down since closing OTL didn't seem to work correctly.
I again rebooted and tried a second time with the same results, except this time, closing OTL worked properly. Could this be due to my rebooting after Step 2; it's trying to find and do something I already (wrongly) did?

To summarize, I have been unable to run Step 3.

I will wait for further directions.



.

Edited by TooNew2, 23 October 2013 - 09:14 AM.

  • 0

#10
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi TooNew2 :)
I've taken out the offending line, please run accordingly and continue with the other steps. Please note the addition of the AVG uninstaller below.

Step 3
OTL fix

Please double click on Posted Image on your Desktop to open OTL.

Under Posted Image
in the textbox at the bottom of the OTL window, please paste in the following text:

:Commands
[CreateRestorePoint]
:OTL
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
[2006/09/17 16:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O15 - HKU\S-1-5-21-643901058-1627139281-4071398578-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O33 - MountPoints2\{17da330c-f96f-11e1-baf7-00038a000015}\Shell\AutoRun\command - "" = F:\RunClubSanDisk.exe
[2013/10/17 16:08:40 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\ROC_SYS_TASK.job
[2013/09/19 20:39:52 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2009/12/31 09:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/12/13 00:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/22 09:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/04/25 13:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2009/12/31 09:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG9
[2011/09/26 00:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2012
[2012/12/13 00:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\AVG2013

:Files
C:\Program Files\AVG
ipconfig /flushdns /c







• Push the Posted Image button.

• OTL may ask to reboot the machine. Please do so if asked.

• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date_time of the tool run).

• Upon completion, a massage box Posted Image will pop-up.

• Click the OK button and a report will open.

• Copy and Paste that report in your next reply, please

If OTL does not ask for a reboot, please do so before installing Microsoft Security Essentials


Please then run the AVG uninstaller from ~> this link <~
before installing Microsoft Security Essentials to get the last of AVG out. It will need to reboot afterwards, make sure to have no other programs open.
Please let me know how it goes :)

Edited by 23red, 23 October 2013 - 07:04 PM.

  • 0

Advertisements


#11
TooNew2

TooNew2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Howdy, 23red;


Do you think my problems might be that my computer never gets enough sleep, just as I don't? :whistling:

The OTL Fix went well and without rebooting being needed. The log is below.

When I clicked the AVG uninstaller, nothing seemed to be happening and after some minutes, I shut the system down. Upon restarting, I had a box asking if I wanted to run the uninstaller, so I clicked yes. A few minutes later, my SVCHOST.EXE went wild (I'd forgotten to wait for it to run and be closed) and after closing, my desktop icons were rearranged again, etc. Long story short,,,after a few tries running the uninstaller, I don't know if it actually did run, so I haven't yet installed Microsoft Security Essentials.

BTW, I still get the attempted Disc Checking on restart too.

Should I next run the OTL full scan so you can check things out, before installing the MSE?
Awaiting further instructions.


Here's the OTL Fix log:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named avgui.exe was found!
No active process named avgwdsvc.exe was found!
No active process named avgcsrvx.exe was found!
No active process named avgrsx.exe was found!
No active process named avgnsx.exe was found!
No active process named avgidsagent.exe was found!
No active process named avgemcx.exe was found!
Process SynTPLpr.exe killed successfully!
Error: No service named avgwd was found to stop!
Service\Driver key avgwd not found.
File C:\Program Files\AVG\AVG2013\avgwdsvc.exe not found.
Error: No service named AVGIDSAgent was found to stop!
Service\Driver key AVGIDSAgent not found.
File C:\Program Files\AVG\AVG2013\avgidsagent.exe not found.
Error: No service named AVGIDSShim was found to stop!
Service\Driver key AVGIDSShim not found.
File C:\WINDOWS\system32\drivers\avgidsshimx.sys not found.
Error: No service named Avgrkx86 was found to stop!
Service\Driver key Avgrkx86 not found.
File C:\WINDOWS\system32\drivers\avgrkx86.sys not found.
Error: No service named Avglogx was found to stop!
Service\Driver key Avglogx not found.
File C:\WINDOWS\system32\drivers\avglogx.sys not found.
Error: No service named AVGIDSDriver was found to stop!
Service\Driver key AVGIDSDriver not found.
File C:\WINDOWS\system32\drivers\avgidsdriverx.sys not found.
Error: No service named AVGIDSHX was found to stop!
Service\Driver key AVGIDSHX not found.
File C:\WINDOWS\system32\drivers\avgidshx.sys not found.
Error: No service named Avgldx86 was found to stop!
Service\Driver key Avgldx86 not found.
File C:\WINDOWS\system32\drivers\avgldx86.sys not found.
Error: No service named Avgmfx86 was found to stop!
Service\Driver key Avgmfx86 not found.
File C:\WINDOWS\system32\drivers\avgmfx86.sys not found.
Error: No service named Avgtdix was found to stop!
Service\Driver key Avgtdix not found.
File C:\WINDOWS\system32\drivers\avgtdix.sys not found.
Error: No service named CO_Mon was found to stop!
Service\Driver key CO_Mon not found.
File C:\WINDOWS\system32\drivers\CO_Mon.sys not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2\ not found.
File C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-643901058-1627139281-4071398578-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-643901058-1627139281-4071398578-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_UI not found.
File C:\Program Files\AVG\AVG2013\avgui.exe not found.
Registry key HKEY_USERS\S-1-5-21-643901058-1627139281-4071398578-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.
Starting removal of ActiveX control {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}\ not found.
Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E099162EEEC5}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
File Protocol\Handler\linkscanner - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17da330c-f96f-11e1-baf7-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17da330c-f96f-11e1-baf7-00038a000015}\ not found.
File F:\RunClubSanDisk.exe not found.
C:\WINDOWS\tasks\ROC_SYS_TASK.job moved successfully.
File C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk not found.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\AVG2013\ not found.
C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign folder moved successfully.
C:\Documents and Settings\Tom\Application Data\AVG9\cfgall folder moved successfully.
C:\Documents and Settings\Tom\Application Data\AVG9 folder moved successfully.
C:\Documents and Settings\Tom\Application Data\AVG2012\cfgall folder moved successfully.
C:\Documents and Settings\Tom\Application Data\AVG2012 folder moved successfully.
C:\Documents and Settings\Tom\Application Data\AVG2013 folder moved successfully.
========== FILES ==========
C:\Program Files\AVG\AVG8\log folder moved successfully.
C:\Program Files\AVG\AVG8 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest_sp1\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest_sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\speedtest folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner-sp1\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner-sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\multimi-banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_sp1\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en_sp1\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en_sp1 folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation_en folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\mobilation folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_trial\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_trial folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free_cnet\upgrade folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free_cnet folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free\upgrade folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free\banner folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\inclient_free folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\techbuddy\component folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs\techbuddy folder moved successfully.
C:\Program Files\AVG\AVG2012\awacs folder moved successfully.
C:\Program Files\AVG\AVG2012 folder moved successfully.
C:\Program Files\AVG\AVG9\log folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Tom\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tom\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10232013_184328
  • 0

#12
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi TooNew2 :)

Should I next run the OTL full scan so you can check things out, before installing the MSE?


Yes, please :)
  • 0

#13
TooNew2

TooNew2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Good Morning, 23red;

Here is the log of the OTL full scan, which ran with no settings modified:


OTL logfile created on: 10/24/2013 8:14:42 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 585.70 Mb Available Physical Memory | 61.11% Memory free
2.61 Gb Paging File | 2.19 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): C:\pagefile.sys 1800 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.99 Gb Total Space | 8.28 Gb Free Space | 18.39% Space Free | Partition Type: FAT32
Drive D: | 45.21 Gb Total Space | 34.82 Gb Free Space | 77.02% Space Free | Partition Type: FAT32

Computer Name: ACER-2E68C49B20 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)
PRC - C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Yahoo!\browser\YCommonPS.dll ()
MOD - C:\WINDOWS\system32\BBPDFPortMon.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Pml Driver) -- C:\WINDOWS\system32\hphipm09.exe (HP)
SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (anbmService) -- C:\Acer\eManager\anbmServ.exe (OSA Technologies Inc.)
SRV - (brmfrmps) -- C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)


========== Driver Services (SafeList) ==========

DRV - (XMS1563K) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (windrvNT) -- C:\WINDOWS\system32\windrvNT.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PCAMPR5) -- C:\WINDOWS\system32\PCAMPR5.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MFX) -- C:\WINDOWS\System32\drivers\MFX.sys ()
DRV - (Dot4Storage HPH09) -- C:\WINDOWS\system32\drivers\hphs2k09.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH09) -- C:\WINDOWS\system32\drivers\hphius09.sys (HP)
DRV - (Dot4Print HPH09) -- C:\WINDOWS\system32\drivers\hphipr09.sys (HP)
DRV - (Dot4 HPH09) -- C:\WINDOWS\system32\drivers\hphid409.sys (HP)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows ® 2000 DDK provider)
DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GPTB_enUS288
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: UnsortedBookmarksMenu@alice:2.3.2


FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/09/17 16:28:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/09/17 16:28:02 | 000,000,000 | ---D | M]

[2009/05/30 23:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2007/11/03 19:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions
[2011/06/05 08:07:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/07 07:47:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2009/05/30 10:49:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/10/30 18:51:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2012/03/02 17:22:14 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2010/05/07 07:47:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2)
[2012/09/08 23:20:56 | 000,000,000 | ---D | M] (Unsorted Bookmarks Folder Menu) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\extensions\UnsortedBookmarksMenu@alice
[2013/10/23 21:05:48 | 000,005,519 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\f9vo8rkb.default\searchplugins\startpage-https.xml
[2013/10/23 20:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/08/03 20:15:16 | 000,001,018 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 64.78.61.76 EHOST009
O1 - Hosts: 64.78.61.76 EHOST009.exch005intermedia.net
O1 - Hosts: 206.40.48.172 DC005-1.exch005intermedia.net
O1 - Hosts: 64.78.61.6 DDC005.exch005intermedia.net
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.micr...ActiveX/odc.cab (Microsoft Data Collection Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187929164250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187929088171 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4DA44EA-8D7B-4C3C-A2C4-DE152D5C2256}: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/22 09:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/22 09:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Start Menu\Programs\Revo Uninstaller
[2013/10/22 09:20:02 | 002,623,656 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Tom\Desktop\revosetup.exe
[2013/10/22 09:15:10 | 011,227,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tom\Desktop\mseinstall.exe
[2013/10/17 18:37:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 18:28:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2013/10/16 23:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\New Folder
[2013/10/13 18:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\IH Parts websites
[2007/03/21 08:20:24 | 000,300,680 | ---- | C] (CA, Inc.) -- C:\Documents and Settings\All Users\Application Data\arclib.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/24 08:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc04ec2ccfa360.job
[2013/10/24 08:02:34 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/10/24 08:00:12 | 000,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2013/10/24 07:59:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/24 07:59:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6cb148a8b6fe.job
[2013/10/24 07:59:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/24 07:59:28 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/23 20:46:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 13:07:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/10/22 09:47:32 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Revo Uninstaller.lnk
[2013/10/22 09:20:02 | 002,623,656 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Tom\Desktop\revosetup.exe
[2013/10/22 09:15:12 | 011,227,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom\Desktop\mseinstall.exe
[2013/10/17 18:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2013/10/16 23:11:02 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\SecurityCheck by screen317.exe
[2013/10/16 23:00:06 | 000,150,596 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Desktop Screenshot 10-16-13.JPG
[2013/10/16 20:02:18 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\GEEK HELP!.url
[2013/10/14 22:13:30 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\14 Packs Nexel Shelf Clips Wire Shelving Plastic Metro Split Sleeves eBay.url
[2013/10/14 10:09:26 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Binder Planet.lnk
[2013/10/13 23:14:14 | 000,000,093 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Create a desktop shortcut to a website Firefox Help.URL
[2013/10/08 09:32:30 | 000,131,005 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Milwaulee Shear auction 10-8-13.JPG
[2013/10/05 22:50:22 | 000,005,924 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Geeks to Go! - Tech experts answer your questions.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/22 10:11:53 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/10/22 09:47:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Revo Uninstaller.lnk
[2013/10/16 23:11:05 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\SecurityCheck by screen317.exe
[2013/10/16 23:00:04 | 000,150,596 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Desktop Screenshot 10-16-13.JPG
[2013/10/14 22:13:28 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\14 Packs Nexel Shelf Clips Wire Shelving Plastic Metro Split Sleeves eBay.url
[2013/10/14 08:43:15 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\GEEK HELP!.url
[2013/10/13 23:41:56 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Binder Planet.lnk
[2013/10/13 23:14:13 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Create a desktop shortcut to a website Firefox Help.URL
[2013/10/08 09:32:28 | 000,131,005 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Milwaulee Shear auction 10-8-13.JPG
[2013/10/05 22:50:38 | 000,005,924 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Geeks to Go! - Tech experts answer your questions.url
[2013/09/26 00:09:12 | 000,000,322 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Geeks - Malware Removal Guides and Tutorials - .url
[2013/03/03 20:14:39 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
[2012/11/29 18:32:42 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\dt.dat
[2012/02/15 08:17:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 22:34:40 | 000,001,171 | ---- | C] () -- C:\Documents and Settings\Tom\swxJRNL.swj
[2011/11/20 23:14:42 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\Tom\DesktopswxJRNL.BAK
[2011/11/08 21:07:32 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Tom\My DocumentsswxJRNL.BAK
[2011/11/08 20:01:59 | 000,639,052 | ---- | C] () -- C:\WINDOWS\System32\BBPDFPortMon.dll
[2008/12/01 18:53:02 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\Skin.flk
[2008/09/29 15:52:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tom\PUTTY.RND
[2007/10/04 20:03:06 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/11 21:57:16 | 024,153,696 | ---- | C] () -- C:\Program Files\SBC_SST_Installer.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 01:15:30 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#14
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi TooNew2 :)
Go ahead and install Microsoft Security Essentials :thumbsup:
  • 0

#15
TooNew2

TooNew2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Greetings again, 23red;

Rebooting is much quicker now that AVG isn't checking every step.

Microsoft S.E. was successfully installed but the updating afterwards was interrupted once when the "connection failed", supposedly. The second time, the updating succeeded but required half an hour! Its Home Page indicates the Real Time Protection is on, but upon rebooting, Windows Security Center tells me my system "might be at risk" since there's no firewall...don't they know each other and Bill Gates :confused: ?

I ran the MSE quick scan and it found nothing. I assume that, because we ran the OTL full scan just before this MSE installation, it isn't needed/wanted again; correct me if I'm wrong.


The system is still trying to run Disc Check on startup, and one system SVCHOST.exe still causes 100% CPU usage a few minutes later, requiring that process to be ended. I assume the IP connection loss problem still exists but haven't checked today.

[Added later:]
I did test for the loss-of-connection and it's still occurring. Also, when I close IE, I usually get a message about an error occurring and that IE needs to close, then a smaller notice about an error being logged. This second problem has also been occurring for quite a while. I haven't got the new timing for ending the SVCHOST yet, and it's still capable of rearranging my desktop left four columns of icons (empties the sixth row from the top!). :wacko:

Graciously awaiting further comments or instructions. :thumbsup:



.

Edited by TooNew2, 24 October 2013 - 09:28 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP